Platform SDK: Access Control |
The SetSecurityInfo function sets specified security information in the security descriptor of a specified object. The caller identifies the object by a handle.
Windows 2000: If you are setting the object's DACL or SACL, the system automatically propagates any inheritable ACEs to existing child objects, according to the rules of inheritance.
DWORD SetSecurityInfo( HANDLE handle, // handle to object SE_OBJECT_TYPE ObjectType, // object type SECURITY_INFORMATION SecurityInfo, // buffer PSID psidOwner, // new owner SID PSID psidGroup, // new primary group SID PACL pDacl, // new DACL PACL pSacl // new SACL );
Value | Meaning |
---|---|
DACL_SECURITY_INFORMATION | Set the discretionary access-control list (DACL) in the object's security descriptor. The pDacl parameter is a pointer to the new DACL.
If neither PROTECTED_DACL_SECURITY_INFORMATION nor UNPROTECTED_DACL_SECURITY_INFORMATION is set, the current inheritance settings are preserved. |
GROUP_SECURITY_INFORMATION | Set the primary group SID in the object's security descriptor. The psidGroup parameter is a pointer to the new SID. |
OWNER_SECURITY_INFORMATION | Set the owner security identifier (SID) in the object's security descriptor. The psidOwner parameter is a pointer to the new SID. |
PROTECTED_DACL_SECURITY_INFORMATION | Windows 2000: Protect the DACL from inheriting ACEs.
This value is ignored unless DACL_SECURITY_INFORMATION is also used. |
PROTECTED_SACL_SECURITY_INFORMATION | Windows 2000: Protect the SACL from inheriting ACEs.
This value is ignored unless SACL_SECURITY_INFORMATION is also used. |
SACL_SECURITY_INFORMATION | Set the system access-control list (SACL) in the object's security descriptor. The pSacl parameter is a pointer to the new SACL.
If neither PROTECTED_SACL_SECURITY_INFORMATION nor UNPROTECTED_SACL_SECURITY_INFORMATION is set, the current inheritance settings are preserved. |
UNPROTECTED_DACL_SECURITY_INFORMATION | Windows 2000: Inherit ACEs from the parent whenever applicable.
This value is ignored unless DACL_SECURITY_INFORMATION is also used. |
UNPROTECTED_SACL_SECURITY_INFORMATION | Windows 2000: Inherit ACEs from the parent whenever applicable.
This value is ignored unless SACL_SECURITY_INFORMATION is also used. |
If the function succeeds, the return value is ERROR_SUCCESS.
If the function fails, the return value is a nonzero error code defined in Winerror.h.
You can use the SetSecurityInfo function with the following types of objects:
Windows NT/2000: Requires Windows NT 4.0 or later.
Header: Declared in Aclapi.h.
Library: Use Advapi32.lib.
Access Control Overview, Access Control Functions, ACL, GetNamedSecurityInfo, GetSecurityInfo, SE_OBJECT_TYPE, SECURITY_DESCRIPTOR, SECURITY_INFORMATION, SetNamedSecurityInfo, SID