SetSecurityInfo

The SetSecurityInfo function sets specified security information in the security descriptor of a specified object. The caller identifies the object by a handle.

Windows 2000: If you are setting the object's DACL or SACL, the system automatically propagates any inheritable ACEs to existing child objects, according to the rules of inheritance.

DWORD SetSecurityInfo(
  HANDLE handle,                     // handle to object
  SE_OBJECT_TYPE ObjectType,         // object type
  SECURITY_INFORMATION SecurityInfo, // buffer
  PSID psidOwner,                    // new owner SID
  PSID psidGroup,                    // new primary group SID
  PACL pDacl,                        // new DACL
  PACL pSacl                         // new SACL
);

Parameters

handle

[in] Handle to the object for which to set security information.

ObjectType

[in] Specifies a value from the SE_OBJECT_TYPE enumeration that indicates the type of object identified by the handle parameter.

SecurityInfo

[in] Specifies the components of the security descriptor to set. This parameter can be a combination of the following values.

Value	Meaning
DACL_SECURITY_INFORMATION	Set the discretionary access-control list (DACL) in the object's security descriptor. The pDacl parameter is a pointer to the new DACL. If neither PROTECTED_DACL_SECURITY_INFORMATION nor UNPROTECTED_DACL_SECURITY_INFORMATION is set, the current inheritance settings are preserved.
GROUP_SECURITY_INFORMATION	Set the primary group SID in the object's security descriptor. The psidGroup parameter is a pointer to the new SID.
OWNER_SECURITY_INFORMATION	Set the owner security identifier (SID) in the object's security descriptor. The psidOwner parameter is a pointer to the new SID.
PROTECTED_DACL_SECURITY_INFORMATION	Windows 2000: Protect the DACL from inheriting ACEs. This value is ignored unless DACL_SECURITY_INFORMATION is also used.
PROTECTED_SACL_SECURITY_INFORMATION	Windows 2000: Protect the SACL from inheriting ACEs. This value is ignored unless SACL_SECURITY_INFORMATION is also used.
SACL_SECURITY_INFORMATION	Set the system access-control list (SACL) in the object's security descriptor. The pSacl parameter is a pointer to the new SACL. If neither PROTECTED_SACL_SECURITY_INFORMATION nor UNPROTECTED_SACL_SECURITY_INFORMATION is set, the current inheritance settings are preserved.
UNPROTECTED_DACL_SECURITY_INFORMATION	Windows 2000: Inherit ACEs from the parent whenever applicable. This value is ignored unless DACL_SECURITY_INFORMATION is also used.
UNPROTECTED_SACL_SECURITY_INFORMATION	Windows 2000: Inherit ACEs from the parent whenever applicable. This value is ignored unless SACL_SECURITY_INFORMATION is also used.

psidOwner

[in] Pointer to a SID that identifies the object's owner. The SID must be one that can be assigned as the owner SID of a security descriptor. The SecurityInfo parameter must include the OWNER_SECURITY_INFORMATION flag. This parameter can be NULL if you are not setting the owner SID.

psidGroup

[in] Pointer to a SID that identifies the object's primary group. The SecurityInfo parameter must include the GROUP_SECURITY_INFORMATION flag. This parameter can be NULL if you are not setting the primary group SID.

pDacl

[in] Pointer to the new DACL for the object. The SecurityInfo parameter must include the DACL_SECURITY_INFORMATION flag. This parameter can be NULL if you are not setting the DACL.

pSacl

[in] Pointer to the new SACL for the object. The SecurityInfo parameter must include the SACL_SECURITY_INFORMATION flag. This parameter can be NULL if you are not setting the SACL.

Return Values

If the function succeeds, the return value is ERROR_SUCCESS.

If the function fails, the return value is a nonzero error code defined in Winerror.h.

Remarks

You can use the SetSecurityInfo function with the following types of objects:

• Local or remote files or directories on an NTFS file system
• Named pipes
• Local or remote printers
• Local or remote Win32 services
• Network shares
• Registry keys
• Semaphores, events, mutexes, and waitable timers
• Processes, threads, jobs, and file-mapping objects
• Window stations and desktops
• Directory service objects

Requirements

  Windows NT/2000: Requires Windows NT 4.0 or later.
  Header: Declared in Aclapi.h.
  Library: Use Advapi32.lib.

See Also

Access Control Overview, Access Control Functions, ACL, GetNamedSecurityInfo, GetSecurityInfo, SE_OBJECT_TYPE, SECURITY_DESCRIPTOR, SECURITY_INFORMATION, SetNamedSecurityInfo, SID