Platform SDK: Access Control

Securable Objects

A securable object is an object that can have a security descriptor. All named Win32 objects are securable. Some unnamed objects, such as process and thread objects, can have security descriptors too. For most securable objects, you can specify an object's security descriptor in the function call that creates the object. For example, you can specify a security descriptor in the CreateFile and CreateProcess functions.

In addition, the Win32 security functions enable you to get and set the security information for securable objects created on operating systems other than Windows NT/Windows 2000. The Win32 security functions also provide support for using security descriptors with private, application-defined objects. For more information about private securable objects, see Client-Server Access Control.

Each type of securable object defines its own set of specific access rights and its own mapping of generic access rights. For information about the specific and generic access rights for each type of securable object, see the overview for that type of object.

The following table shows the functions to use to manipulate the security information for each type of securable object.

Object type Security Descriptor Functions
Files or directories on an NTFS file system GetNamedSecurityInfo, SetNamedSecurityInfo, GetSecurityInfo, SetSecurityInfo
Named pipes
Anonymous pipes
GetSecurityInfo, SetSecurityInfo
Console screen buffers Not supported.
Processes

Threads

GetSecurityInfo, SetSecurityInfo
File-mapping objects GetNamedSecurityInfo, SetNamedSecurityInfo, GetSecurityInfo, SetSecurityInfo
Access tokens SetKernelObjectSecurity, GetKernelObjectSecurity
Window-management objects (window stations and desktops) GetSecurityInfo, SetSecurityInfo
Registry keys GetNamedSecurityInfo, SetNamedSecurityInfo, GetSecurityInfo, SetSecurityInfo
Win32 services GetNamedSecurityInfo, SetNamedSecurityInfo, GetSecurityInfo, SetSecurityInfo
Local or remote printers GetNamedSecurityInfo, SetNamedSecurityInfo, GetSecurityInfo, SetSecurityInfo
Network shares GetNamedSecurityInfo, SetNamedSecurityInfo, GetSecurityInfo, SetSecurityInfo
Interprocess synchronization objects (events, mutexes, semaphores, and waitable timers) GetNamedSecurityInfo, SetNamedSecurityInfo, GetSecurityInfo, SetSecurityInfo
Job objects GetNamedSecurityInfo, SetNamedSecurityInfo, GetSecurityInfo, SetSecurityInfo