Platform SDK: Access Control

TRUSTEE

The TRUSTEE structure identifies the user account, group account, or logon session to which an ACE applies. The structure can use a name or a security identifier (SID) to identify the trustee.

Access control functions, such as SetEntriesInAcl and GetExplicitEntriesFromAcl, use this structure to identify the logon account associated with the access-control or audit-control information in an EXPLICIT_ACCESS structure.

typedef struct _TRUSTEE {
  PTRUSTEE                    pMultipleTrustee;
  MULTIPLE_TRUSTEE_OPERATION  MultipleTrusteeOperation;
  TRUSTEE_FORM                TrusteeForm;
  TRUSTEE_TYPE                TrusteeType;
  LPTSTR                      ptstrName;
} TRUSTEE, *PTRUSTEE;

Members

pMultipleTrustee

Pointer to a TRUSTEE structure that identifies a server account that can impersonate the user identified by the ptstrName member. This member is not currently supported and must be NULL.

MultipleTrusteeOperation

Specifies a value from the MULTIPLE_TRUSTEE_OPERATION enumeration type. Currently, this member must be NO_MULTIPLE_TRUSTEE.

TrusteeForm

Specifies a value from the TRUSTEE_FORM enumeration type that indicates the type of data pointed to by the ptstrName member.

TrusteeType

Specifies a value from the TRUSTEE_TYPE enumeration type that indicates whether the trustee is a user account, a group account, or the account type is unknown.

ptstrName

Pointer to a buffer that identifies the trustee and optionally contains information about object-specific ACEs. The type of data depends on the value of the TrusteeForm member.

TrusteeForm value	Description
TRUSTEE_IS_NAME	ptstrName is a pointer to a null-terminated string that contains the name of the trustee.
TRUSTEE_IS_OBJECTS_AND_NAME	Windows 2000: ptstrName is a pointer to an OBJECTS_AND_NAME structure that contains the name of the trustee and the names of the object types in an object-specific ACE.
TRUSTEE_IS_OBJECTS_AND_SID	Windows 2000: ptstrName is a pointer to an OBJECTS_AND_SID structure that contains the SID of the trustee and the GUIDs of the object types in an object-specific ACE.
TRUSTEE_IS_SID	ptstrName is a pointer to the SID of the trustee.

Remarks

A trustee name can have any of the following formats:

A fully qualified name, such as "g:\remotedir\abc".
A Windows NT version 3.x or later domain account, such as "redmond\xyz".
One of the predefined group names, such as "EVERYONE" or "GUEST".
One of the following special names.

Name	Meaning
"CREATOR GROUP"	Indicates the CREATOR_GROUP security identifier. This is a SID used in inheritable ACEs. When a new object is created, the system replaces this SID with the primary group SID of the user who created the object.
"CREATOR OWNER"	Indicates the CREATOR_OWNER security identifier. This is a SID used in inheritable ACEs. When a new object is created, the system replaces this SID with the SID of the user who created the object.
"CURRENT_USER"	Indicates the owner of the calling thread or process.

A trustee SID can be any user or group SID. It can also be any of the universal, well-known SIDs. For more information, see Security Identifiers (SIDs).

Requirements

  Windows NT/2000: Requires Windows NT 4.0 or later.
  Header: Declared in Accctrl.h.
  Unicode: Declared as Unicode and ANSI structures.

TRUSTEE

Members

Remarks

Requirements

See Also