SetSecurityInfo

The SetSecurityInfo function sets specified security information in the security descriptor of a specified object. The caller identifies the object by a handle.

DWORD SetSecurityInfo(
  HANDLE handle,                     // handle to the object
  SE_OBJECT_TYPE ObjectType,         // type of object
  SECURITY_INFORMATION SecurityInfo, // type of security information to set
  PSID psidOwner,                    // pointer to the new owner SID
  PSID psidGroup,                    // pointer to the new primary group SID
  PACL pDacl,                        // pointer to the new DACL
  PACL pSacl                         // pointer to the new SACL
);

Parameters

handle
A handle to the object for which to set security information.
ObjectType
Specifies a value from the SE_OBJECT_TYPE enumeration that indicates the type of object identified by the handle parameter.
SecurityInfo
Specifies the components of the security descriptor to set. This parameter can be a combination of the following values.
  Value
    Meaning
  OWNER_SECURITY_INFORMATION
    Sets the object's owner security identifier (SID). The psidOwner parameter points to the new SID. The handle parameter must have WRITE_OWNER access, or the calling process must be the object's owner or have the SE_TAKE_OWNERSHIP_NAME privilege enabled.
  GROUP_SECURITY_INFORMATION
    Sets the object's primary group SID. The psidGroup parameter points to the new SID. The handle parameter must have WRITE_OWNER access, or the calling process must be the object's owner.
  DACL_SECURITY_INFORMATION
    Sets the object's discretionary access control list (DACL). The pDacl parameter points to the new DACL. The handle parameter must have WRITE_DAC access, or the calling process must be the object's owner.
  SACL_SECURITY_INFORMATION
    Sets the object's system access control list (SACL). The pSacl parameter points to the new SACL. The handle parameter must have ACCESS_SYSTEM_SECURITY access. The proper way to get this access is to enable the SE_SECURITY_NAME privilege in the caller's current access token, open the handle for ACCESS_SYSTEM_SECURITY access, and then disable the privilege.

psidOwner
Pointer to a SID that identifies the object's owner. The SID must be one that can be assigned as the owner SID of a security descriptor. The SecurityInfo parameter must include the OWNER_SECURITY_INFORMATION flag. This parameter can be NULL if you are not setting the owner SID.
psidGroup
Pointer to a SID that identifies the object's primary group. The SecurityInfo parameter must include the GROUP_SECURITY_INFORMATION flag. This parameter can be NULL if you are not setting the primary group SID.
pDacl
Pointer to the new DACL for the object. The SecurityInfo parameter must include the DACL_SECURITY_INFORMATION flag. This parameter can be NULL if you are not setting the DACL.
pSacl
Pointer to the new SACL for the object. The SecurityInfo parameter must include the SACL_SECURITY_INFORMATION flag. This parameter can be NULL if you are not setting the SACL.
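
A pre-flight check for the access rules in the SecurityInfo table and the pointer parameters above, as an added example that is not part of the original reference page. The helper names required_handle_access and mismatched_components are hypothetical, and the non-Windows branch supplies stand-in definitions (values as in winnt.h) so the logic compiles anywhere.

```c
#include <stddef.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#include <aclapi.h>
#else /* stand-in definitions (values as in winnt.h) for building off Windows */
typedef unsigned int DWORD, SECURITY_INFORMATION;
typedef void *PSID, *PACL;
#define OWNER_SECURITY_INFORMATION 0x00000001u
#define GROUP_SECURITY_INFORMATION 0x00000002u
#define DACL_SECURITY_INFORMATION  0x00000004u
#define SACL_SECURITY_INFORMATION  0x00000008u
#define WRITE_DAC                  0x00040000u
#define WRITE_OWNER                0x00080000u
#define ACCESS_SYSTEM_SECURITY     0x01000000u
#endif

/* Hypothetical helper: least access the handle must be opened with for this
   SecurityInfo, assuming the caller does not rely on being the object's owner. */
DWORD required_handle_access(SECURITY_INFORMATION si)
{
    DWORD access = 0;
    if (si & (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION)) access |= WRITE_OWNER;
    if (si & DACL_SECURITY_INFORMATION) access |= WRITE_DAC;
    /* the SACL case also needs SE_SECURITY_NAME enabled while the handle is opened */
    if (si & SACL_SECURITY_INFORMATION) access |= ACCESS_SYSTEM_SECURITY;
    return access;
}

/* Hypothetical helper: returns the flags whose pointer disagrees with SecurityInfo (0 = consistent).
   A NULL pDacl with the DACL flag set would assign a NULL DACL (full access for everyone). */
SECURITY_INFORMATION mismatched_components(SECURITY_INFORMATION si,
    PSID owner, PSID group, PACL dacl, PACL sacl)
{
    const struct { SECURITY_INFORMATION flag; const void *ptr; } args[] = {
        { OWNER_SECURITY_INFORMATION, owner }, { GROUP_SECURITY_INFORMATION, group },
        { DACL_SECURITY_INFORMATION,  dacl  }, { SACL_SECURITY_INFORMATION,  sacl  },
    };
    SECURITY_INFORMATION bad = 0;
    for (size_t i = 0; i < sizeof args / sizeof args[0]; i++)
        if (((si & args[i].flag) != 0) != (args[i].ptr != NULL))
            bad |= args[i].flag;
    return bad;
}

int main(void)
{
    SECURITY_INFORMATION si = DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
    printf("open handle with 0x%08lx\n", (unsigned long)required_handle_access(si));
    /* constructed call: SACL flag set but no SACL pointer supplied */
    printf("mismatched flags 0x%lx\n",
           (unsigned long)mismatched_components(si, NULL, NULL, (PACL)"acl", NULL));
}
```

Running the check before calling SetSecurityInfo lets the caller open the handle with only the rights the call needs and refuse a call whose flags and pointers disagree.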

Return Values

If the function succeeds, the return value is ERROR_SUCCESS.

If the function fails, the return value is a nonzero error code defined in WINERROR.H.

QuickInfo

  Windows NT: Requires version 4.0 or later.
  Windows: Unsupported.
  Windows CE: Unsupported.
  Header: Declared in aclapi.h.
  Import Library: Use advapi32.lib.

See Also

Windows NT 4.0 Access Control Overview, Windows NT 4.0 Access-Control Functions, ACL, GetNamedSecurityInfo, GetSecurityInfo, SE_OBJECT_TYPE, SECURITY_DESCRIPTOR, SECURITY_INFORMATION, SetNamedSecurityInfo, SID