Platform SDK: Access Control
The CreatePrivateObjectSecurity function allocates and initializes a self-relative security descriptor for a new private object. A protected server calls this function when it creates a new private object.
To specify the object type GUID of the new object or control how ACEs are inherited, use the CreatePrivateObjectSecurityEx function.
BOOL CreatePrivateObjectSecurity(
  PSECURITY_DESCRIPTOR ParentDescriptor,   // parent directory SD
  PSECURITY_DESCRIPTOR CreatorDescriptor,  // creator SD
  PSECURITY_DESCRIPTOR *NewDescriptor,     // new SD
  BOOL IsDirectoryObject,                  // container
  HANDLE Token,                            // handle to access token
  PGENERIC_MAPPING GenericMapping          // mapping
);
A client token is used to retrieve default security information for the new object, such as its default owner, primary group, and discretionary access-control list. The token must be open for TOKEN_QUERY access.
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
If the SECURITY_DESCRIPTOR specified by the CreatorDescriptor parameter contains a system access-control list (SACL), the token specified by the Token parameter must have the SE_SECURITY_NAME privilege enabled. The CreatePrivateObjectSecurity function checks this privilege and may generate audits during the process.
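The call sequence described above, as an added example that is not part of the original SDK page. The WIDGET_* rights and the build_widget_sd name are hypothetical, and the process token stands in for the client token that a protected server would pass. The block is guarded by _WIN32 because it only builds against the Win32 headers.

```c
#ifdef _WIN32  /* Win32-only; link with Advapi32.lib */
#include <windows.h>
#include <stdio.h>
/* Hypothetical rights for a private "widget" object (assumption). */
#define WIDGET_READ  0x0001
#define WIDGET_WRITE 0x0002

/* Creates an SD for a new private object from the token's defaults, checks
   it, frees it. Returns 0 or the Win32 error code of the failing step. */
DWORD build_widget_sd(void)
{
    GENERIC_MAPPING map = {
        STANDARD_RIGHTS_READ | WIDGET_READ,                    /* GenericRead    */
        STANDARD_RIGHTS_WRITE | WIDGET_WRITE,                  /* GenericWrite   */
        STANDARD_RIGHTS_EXECUTE,                               /* GenericExecute */
        STANDARD_RIGHTS_REQUIRED | WIDGET_READ | WIDGET_WRITE  /* GenericAll     */
    };
    HANDLE token = NULL;
    PSECURITY_DESCRIPTOR sd = NULL;
    SECURITY_DESCRIPTOR_CONTROL ctrl = 0;
    PSID owner = NULL;
    BOOL defaulted = FALSE;
    DWORD rev = 0, err = 0;

    /* TOKEN_QUERY is all that is required. A protected server would pass the
       client's token; the process token is used so the example runs alone. */
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token))
        return GetLastError();

    /* No parent or creator SD: owner, group and DACL come from the token
       defaults. No SACL is supplied, so SE_SECURITY_NAME is not needed. */
    if (!CreatePrivateObjectSecurity(NULL, NULL, &sd, FALSE, token, &map)) {
        err = GetLastError();
        CloseHandle(token);
        return err;
    }
    /* Expect a valid, self-relative SD that carries an owner SID. */
    if (!IsValidSecurityDescriptor(sd) ||
        !GetSecurityDescriptorControl(sd, &ctrl, &rev) ||
        !(ctrl & SE_SELF_RELATIVE) ||
        !GetSecurityDescriptorOwner(sd, &owner, &defaulted) || owner == NULL)
        err = ERROR_INVALID_SECURITY_DESCR;
    DestroyPrivateObjectSecurity(&sd);  /* release the SD allocated above */
    CloseHandle(token);
    return err;
}

int main(void) { printf("result: %lu\n", build_widget_sd()); return 0; }
#endif
```

Every descriptor returned in NewDescriptor is released with DestroyPrivateObjectSecurity, including on the validation-failure path.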
Windows NT/2000: Requires Windows NT 3.1 or later.
Header: Declared in Winbase.h; include Windows.h.
Library: Use Advapi32.lib.
See also: Client/Server Access Control Overview, Client/Server Access Control Functions, CreatePrivateObjectSecurityEx, DestroyPrivateObjectSecurity, GENERIC_MAPPING, GetPrivateObjectSecurity, GetTokenInformation, OpenProcessToken, SECURITY_DESCRIPTOR, SECURITY_IMPERSONATION_LEVEL, SetPrivateObjectSecurity