Platform SDK: Access Control

SetSecurityInfo

The SetSecurityInfo function sets specified security information in the security descriptor of a specified object. The caller identifies the object by a handle.

Windows 2000: If you are setting the object's DACL or SACL, the system automatically propagates any inheritable ACEs to existing child objects, according to the rules of inheritance.

DWORD SetSecurityInfo(
  HANDLE handle,                     // handle to object
  SE_OBJECT_TYPE ObjectType,         // object type
  SECURITY_INFORMATION SecurityInfo, // components to set
  PSID psidOwner,                    // new owner SID
  PSID psidGroup,                    // new primary group SID
  PACL pDacl,                        // new DACL
  PACL pSacl                         // new SACL
);

Parameters

handle
[in] Handle to the object for which to set security information.
ObjectType
[in] Specifies a value from the SE_OBJECT_TYPE enumeration that indicates the type of object identified by the handle parameter.
SecurityInfo
[in] Specifies the components of the security descriptor to set. This parameter can be a combination of the following values.

  Value
      Meaning

  DACL_SECURITY_INFORMATION
      Set the discretionary access-control list (DACL) in the object's security descriptor. The pDacl parameter is a pointer to the new DACL.
      If neither PROTECTED_DACL_SECURITY_INFORMATION nor UNPROTECTED_DACL_SECURITY_INFORMATION is set, the current inheritance settings are preserved.

  GROUP_SECURITY_INFORMATION
      Set the primary group SID in the object's security descriptor. The psidGroup parameter is a pointer to the new SID.

  OWNER_SECURITY_INFORMATION
      Set the owner security identifier (SID) in the object's security descriptor. The psidOwner parameter is a pointer to the new SID.

  PROTECTED_DACL_SECURITY_INFORMATION
      Windows 2000: Protect the DACL from inheriting ACEs.
      This value is ignored unless DACL_SECURITY_INFORMATION is also used.

  PROTECTED_SACL_SECURITY_INFORMATION
      Windows 2000: Protect the SACL from inheriting ACEs.
      This value is ignored unless SACL_SECURITY_INFORMATION is also used.

  SACL_SECURITY_INFORMATION
      Set the system access-control list (SACL) in the object's security descriptor. The pSacl parameter is a pointer to the new SACL.
      If neither PROTECTED_SACL_SECURITY_INFORMATION nor UNPROTECTED_SACL_SECURITY_INFORMATION is set, the current inheritance settings are preserved.

  UNPROTECTED_DACL_SECURITY_INFORMATION
      Windows 2000: Inherit ACEs from the parent whenever applicable.
      This value is ignored unless DACL_SECURITY_INFORMATION is also used.

  UNPROTECTED_SACL_SECURITY_INFORMATION
      Windows 2000: Inherit ACEs from the parent whenever applicable.
      This value is ignored unless SACL_SECURITY_INFORMATION is also used.

psidOwner
[in] Pointer to a SID that identifies the object's owner. The SID must be one that can be assigned as the owner SID of a security descriptor. The SecurityInfo parameter must include the OWNER_SECURITY_INFORMATION flag. This parameter can be NULL if you are not setting the owner SID.
psidGroup
[in] Pointer to a SID that identifies the object's primary group. The SecurityInfo parameter must include the GROUP_SECURITY_INFORMATION flag. This parameter can be NULL if you are not setting the primary group SID.
pDacl
[in] Pointer to the new DACL for the object. The SecurityInfo parameter must include the DACL_SECURITY_INFORMATION flag. This parameter can be NULL if you are not setting the DACL.
pSacl
[in] Pointer to the new SACL for the object. The SecurityInfo parameter must include the SACL_SECURITY_INFORMATION flag. This parameter can be NULL if you are not setting the SACL.
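
The flag and pointer rules above are easy to get wrong without any error being returned, for example passing PROTECTED_DACL_SECURITY_INFORMATION alone and assuming inheritance is now blocked. The following pre-flight check is an added example, not part of the Platform SDK: check_security_info_args, check_pair and the SI_* finding names are hypothetical, and the flag values are those defined in winnt.h, repeated only when the Windows headers are absent.

```c
#include <stddef.h>

/* SECURITY_INFORMATION bit values as defined in winnt.h; defined here only
   when the Windows headers are not included, so the check builds anywhere. */
#ifndef DACL_SECURITY_INFORMATION
#define OWNER_SECURITY_INFORMATION            0x00000001UL
#define GROUP_SECURITY_INFORMATION            0x00000002UL
#define DACL_SECURITY_INFORMATION             0x00000004UL
#define SACL_SECURITY_INFORMATION             0x00000008UL
#define PROTECTED_DACL_SECURITY_INFORMATION   0x80000000UL
#define PROTECTED_SACL_SECURITY_INFORMATION   0x40000000UL
#define UNPROTECTED_DACL_SECURITY_INFORMATION 0x20000000UL
#define UNPROTECTED_SACL_SECURITY_INFORMATION 0x10000000UL
#endif

/* Findings (hypothetical names); the result is a bitwise OR of these. */
enum {
    SI_OK                   = 0,
    SI_FLAG_WITHOUT_POINTER = 1, /* component flag set, its pointer is NULL  */
    SI_POINTER_WITHOUT_FLAG = 2, /* pointer supplied, its flag is missing    */
    SI_PROTECT_FLAG_IGNORED = 4  /* (UN)PROTECTED_* without DACL_/SACL_ flag */
};

/* Compare one component flag with the pointer that is meant to accompany it. */
static unsigned check_pair(unsigned long si, unsigned long flag, const void *p)
{
    if ((si & flag) && p == NULL)  return SI_FLAG_WITHOUT_POINTER;
    if (!(si & flag) && p != NULL) return SI_POINTER_WITHOUT_FLAG;
    return SI_OK;
}

/* Check the arguments intended for SetSecurityInfo before making the call. */
unsigned check_security_info_args(unsigned long si, const void *owner,
                                  const void *group, const void *dacl,
                                  const void *sacl)
{
    unsigned long dacl_inh = PROTECTED_DACL_SECURITY_INFORMATION |
                             UNPROTECTED_DACL_SECURITY_INFORMATION;
    unsigned long sacl_inh = PROTECTED_SACL_SECURITY_INFORMATION |
                             UNPROTECTED_SACL_SECURITY_INFORMATION;
    unsigned f = SI_OK;

    f |= check_pair(si, OWNER_SECURITY_INFORMATION, owner);
    f |= check_pair(si, GROUP_SECURITY_INFORMATION, group);
    f |= check_pair(si, DACL_SECURITY_INFORMATION, dacl);
    f |= check_pair(si, SACL_SECURITY_INFORMATION, sacl);
    /* Inheritance flags are ignored unless the matching ACL is being set. */
    if ((si & dacl_inh) && !(si & DACL_SECURITY_INFORMATION)) f |= SI_PROTECT_FLAG_IGNORED;
    if ((si & sacl_inh) && !(si & SACL_SECURITY_INFORMATION)) f |= SI_PROTECT_FLAG_IGNORED;
    return f;
}
```

A nonzero result means the call would not do what the arguments suggest; treat it as a bug in the caller rather than passing the values through.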

Return Values

If the function succeeds, the return value is ERROR_SUCCESS.

If the function fails, the return value is a nonzero error code defined in Winerror.h.

Remarks

You can use the SetSecurityInfo function with the following types of objects:

Requirements

  Windows NT/2000: Requires Windows NT 4.0 or later.
  Header: Declared in Aclapi.h.
  Library: Use Advapi32.lib.

See Also

Access Control Overview, Access Control Functions, ACL, GetNamedSecurityInfo, GetSecurityInfo, SE_OBJECT_TYPE, SECURITY_DESCRIPTOR, SECURITY_INFORMATION, SetNamedSecurityInfo, SID