Platform SDK: Access Control |
The TRUSTEE structure identifies the user account, group account, or logon session to which an ACE applies. The structure can use a name or a security identifier (SID) to identify the trustee.
Access control functions, such as SetEntriesInAcl and GetExplicitEntriesFromAcl, use this structure to identify the logon account associated with the access-control or audit-control information in an EXPLICIT_ACCESS structure.
typedef struct _TRUSTEE { PTRUSTEE pMultipleTrustee; MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation; TRUSTEE_FORM TrusteeForm; TRUSTEE_TYPE TrusteeType; LPTSTR ptstrName; } TRUSTEE, *PTRUSTEE;
TrusteeForm value | Description |
---|---|
TRUSTEE_IS_NAME | ptstrName is a pointer to a null-terminated string that contains the name of the trustee. |
TRUSTEE_IS_OBJECTS_AND_NAME | Windows 2000: ptstrName is a pointer to an OBJECTS_AND_NAME structure that contains the name of the trustee and the names of the object types in an object-specific ACE. |
TRUSTEE_IS_OBJECTS_AND_SID | Windows 2000: ptstrName is a pointer to an OBJECTS_AND_SID structure that contains the SID of the trustee and the GUIDs of the object types in an object-specific ACE. |
TRUSTEE_IS_SID | ptstrName is a pointer to the SID of the trustee. |
A trustee name can have any of the following formats:
Name | Meaning |
---|---|
"CREATOR GROUP" | Indicates the CREATOR_GROUP security identifier. This is a SID used in inheritable ACEs. When a new object is created, the system replaces this SID with the primary group SID of the user who created the object. |
"CREATOR OWNER" | Indicates the CREATOR_OWNER security identifier. This is a SID used in inheritable ACEs. When a new object is created, the system replaces this SID with the SID of the user who created the object. |
"CURRENT_USER" | Indicates the owner of the calling thread or process. |
A trustee SID can be any user or group SID. It can also be any of the universal, well-known SIDs. For more information, see Security Identifiers (SIDs).
Windows NT/2000: Requires Windows NT 4.0 or later.
Header: Declared in Accctrl.h.
Unicode: Declared as Unicode and ANSI structures.
Access Control Overview, Access Control Structures, ACL, EXPLICIT_ACCESS, GetExplicitEntriesFromAcl, MULTIPLE_TRUSTEE_OPERATION, SetEntriesInAcl, SID, TRUSTEE_FORM, TRUSTEE_TYPE