RtlSetDaclSecurityDescriptor

NTSTATUS
    RtlSetDaclSecurityDescriptor(

        IN OUT PSECURITY_DESCRIPTOR  SecurityDescriptor,
        IN BOOLEAN  DaclPresent,
        IN PACL  Dacl,                /* optional */
        IN BOOLEAN  DaclDefaulted             /* optional */
        );

RtlSetDaclSecurityDescriptor sets the DACL information of an absolute-format security descriptor. If there is already a DACL present in the security descriptor, it is superseded.

Parameters

SecurityDescriptor
Points to the security descriptor to which the DACL is to be applied.
DaclPresent
If FALSE, indicates that the DaclPresent flag in the security descriptor should be set to FALSE. In this case, the remaining optional parameters are ignored. Otherwise, the DaclPresent control flag in the security descriptor is set to TRUE and the remaining optional parameters are not ignored.
Dacl
Points to the DACL for the security descriptor. If this parameter is NULL, a NULL ACL is assigned to the security descriptor. A NULL DACL unconditionally grants access. The DACL is referenced by, but not copied into, the security descriptor.
DaclDefaulted
When set, indicates that the DACL was picked up from some default mechanism rather than explicitly specified by the caller. This value is set in the DaclDefaulted control flag in the security descriptor. If this parameter is NULL, the DaclDefaulted flag will be cleared.

Return Value

RtlSetDaclSecurityDescriptor can return one of the following status codes:

Value

Meaning

STATUS_SUCCESS

Indicates the call completed successfully.

STATUS_UNKNOWN_REVISION

Indicates the revision of the security descriptor is unknown.

STATUS_INVALID_SECURITY_DESCR

Indicates the security descriptor is not an absolute format security descriptor.

Comments

Callers of RtlSetDaclSecurityDescriptor must be running at IRQL PASSIVE_LEVEL.

See Also

RtlCreateSecurityDescriptor, RtlLengthSecurityDescriptor, RtlValidSecurityDescriptor