Platform SDK: Access Control

TRUSTEE

The TRUSTEE structure identifies the user account, group account, or logon session to which an ACE applies. The structure can use a name or a security identifier (SID) to identify the trustee.

Access control functions, such as SetEntriesInAcl and GetExplicitEntriesFromAcl, use this structure to identify the logon account associated with the access-control or audit-control information in an EXPLICIT_ACCESS structure.

typedef struct _TRUSTEE {
  PTRUSTEE                    pMultipleTrustee;
  MULTIPLE_TRUSTEE_OPERATION  MultipleTrusteeOperation;
  TRUSTEE_FORM                TrusteeForm;
  TRUSTEE_TYPE                TrusteeType;
  LPTSTR                      ptstrName;
} TRUSTEE, *PTRUSTEE;

Members

pMultipleTrustee
Pointer to a TRUSTEE structure that identifies a server account that can impersonate the user identified by the ptstrName member. This member is not currently supported and must be NULL.
MultipleTrusteeOperation
Specifies a value from the MULTIPLE_TRUSTEE_OPERATION enumeration type. Currently, this member must be NO_MULTIPLE_TRUSTEE.
TrusteeForm
Specifies a value from the TRUSTEE_FORM enumeration type that indicates the type of data pointed to by the ptstrName member.
TrusteeType
Specifies a value from the TRUSTEE_TYPE enumeration type that indicates whether the trustee is a user account, a group account, or an account of unknown type.
ptstrName
Pointer to a buffer that identifies the trustee and optionally contains information about object-specific ACEs. The type of data depends on the value of the TrusteeForm member.

TrusteeForm value            Description
TRUSTEE_IS_NAME              ptstrName is a pointer to a null-terminated string that contains the name of the trustee.
TRUSTEE_IS_OBJECTS_AND_NAME  Windows 2000: ptstrName is a pointer to an OBJECTS_AND_NAME structure that contains the name of the trustee and the names of the object types in an object-specific ACE.
TRUSTEE_IS_OBJECTS_AND_SID   Windows 2000: ptstrName is a pointer to an OBJECTS_AND_SID structure that contains the SID of the trustee and the GUIDs of the object types in an object-specific ACE.
TRUSTEE_IS_SID               ptstrName is a pointer to the SID of the trustee.

Remarks

A trustee name can have any of the following formats:

Name             Meaning
"CREATOR GROUP"  Indicates the CREATOR_GROUP security identifier. This is a SID used in inheritable ACEs. When a new object is created, the system replaces this SID with the primary group SID of the user who created the object.
"CREATOR OWNER"  Indicates the CREATOR_OWNER security identifier. This is a SID used in inheritable ACEs. When a new object is created, the system replaces this SID with the SID of the user who created the object.
"CURRENT_USER"   Indicates the owner of the calling thread or process.

A trustee SID can be any user or group SID. It can also be any of the universal, well-known SIDs. For more information, see Security Identifiers (SIDs).
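
The member rules listed under Members can be checked before a TRUSTEE is handed to SetEntriesInAcl. The following C code is an added example, not code from the Platform SDK; it shows one way to fill the structure and reject a malformed one. The helper names init_trustee and check_trustee are hypothetical, and the declarations in the #else branch are reduced stand-ins (an assumption) so that the logic also builds where Accctrl.h is not available.

```c
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
#include <accctrl.h>   /* real TRUSTEE, TRUSTEE_FORM, TRUSTEE_TYPE */
#else
/* Reduced stand-ins (assumption), mirroring the declarations on this page. */
typedef char *LPTSTR;
typedef enum { NO_MULTIPLE_TRUSTEE, TRUSTEE_IS_IMPERSONATE } MULTIPLE_TRUSTEE_OPERATION;
typedef enum { TRUSTEE_IS_SID, TRUSTEE_IS_NAME, TRUSTEE_BAD_FORM,
               TRUSTEE_IS_OBJECTS_AND_SID, TRUSTEE_IS_OBJECTS_AND_NAME } TRUSTEE_FORM;
typedef enum { TRUSTEE_IS_UNKNOWN, TRUSTEE_IS_USER, TRUSTEE_IS_GROUP } TRUSTEE_TYPE;
typedef struct _TRUSTEE {
    struct _TRUSTEE            *pMultipleTrustee;
    MULTIPLE_TRUSTEE_OPERATION  MultipleTrusteeOperation;
    TRUSTEE_FORM                TrusteeForm;
    TRUSTEE_TYPE                TrusteeType;
    LPTSTR                      ptstrName;
} TRUSTEE, *PTRUSTEE;
#endif

/* Hypothetical helper: set every member explicitly so that no stack garbage
   is left in pMultipleTrustee or MultipleTrusteeOperation. 'id' must point
   to the kind of data that 'form' announces (string, SID, or OBJECTS_AND_*). */
void init_trustee(TRUSTEE *t, TRUSTEE_FORM form, TRUSTEE_TYPE type, void *id)
{
    t->pMultipleTrustee         = NULL;                 /* must be NULL */
    t->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;  /* only supported value */
    t->TrusteeForm              = form;
    t->TrusteeType              = type;
    t->ptstrName                = (LPTSTR)id;
}

/* Hypothetical check: returns 0 when the structure follows the member rules,
   otherwise a code naming the first rule that is broken. */
int check_trustee(const TRUSTEE *t)
{
    if (t == NULL)                                      return 1;
    if (t->pMultipleTrustee != NULL)                    return 2;
    if (t->MultipleTrusteeOperation != NO_MULTIPLE_TRUSTEE) return 3;
    switch (t->TrusteeForm) {
    case TRUSTEE_IS_SID:             case TRUSTEE_IS_NAME:
    case TRUSTEE_IS_OBJECTS_AND_SID: case TRUSTEE_IS_OBJECTS_AND_NAME:
        break;
    default:                                            return 4; /* unknown form */
    }
    return t->ptstrName == NULL ? 5 : 0;  /* form is set but no identifier */
}
```

The check cannot tell whether the buffer behind ptstrName really holds what TrusteeForm announces; the caller has to keep the two in step when it builds the structure.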

Requirements

  Windows NT/2000: Requires Windows NT 4.0 or later.
  Header: Declared in Accctrl.h.
  Unicode: Declared as Unicode and ANSI structures.

See Also

Access Control Overview, Access Control Structures, ACL, EXPLICIT_ACCESS, GetExplicitEntriesFromAcl, MULTIPLE_TRUSTEE_OPERATION, SetEntriesInAcl, SID, TRUSTEE_FORM, TRUSTEE_TYPE