SetNamedSecurityInfo

The SetNamedSecurityInfo function sets specified security information in the security descriptor of a specified object. The caller identifies the object by name.

Windows 2000: If you are setting the object's DACL or SACL, the system automatically propagates any inheritable ACEs to existing child objects, according to the rules of inheritance.

DWORD SetNamedSecurityInfo(
  LPTSTR pObjectName,                // object name
  SE_OBJECT_TYPE ObjectType,         // object type
  SECURITY_INFORMATION SecurityInfo, // type
  PSID psidOwner,                    // new owner SID
  PSID psidGroup,                    // new primary group SID
  PACL pDacl,                        // new DACL
  PACL pSacl                         // new SACL
);

Parameters

pObjectName

[in] Pointer to a null-terminated string that specifies the name of the object for which to set security information. This can be the name of a local or remote file or directory on a NTFS file system, network share, registry key, semaphore, event, mutex, file mapping, or waitable timer.

For descriptions of the string formats for the different object types, see SE_OBJECT_TYPE.

ObjectType

[in] Specifies a value from the SE_OBJECT_TYPE enumeration that indicates the type of object named by the pObjectName parameter.

SecurityInfo

[in] A set of SECURITY_INFORMATION bit flags that indicate the type of security information to set. This parameter can be a combination of the following values.

Value	Meaning
DACL_SECURITY_INFORMATION	Set the discretionary access-control list (DACL) in the object's security descriptor. The pDacl parameter is a pointer to the new DACL. If neither PROTECTED_DACL_SECURITY_INFORMATION nor UNPROTECTED_DACL_SECURITY_INFORMATION is set, the current inheritance settings are preserved.
GROUP_SECURITY_INFORMATION	Set the primary group SID in the object's security descriptor. The psidGroup parameter is a pointer to the new SID.
OWNER_SECURITY_INFORMATION	Set the owner security identifier (SID) in the object's security descriptor. The psidOwner parameter is a pointer to the new SID.
PROTECTED_DACL_SECURITY_INFORMATION	Windows 2000: Protect the DACL from inheriting ACEs. This value is ignored unless DACL_SECURITY_INFORMATION is also used.
PROTECTED_SACL_SECURITY_INFORMATION	Windows 2000: Protect the SACL from inheriting ACEs. This value is ignored unless SACL_SECURITY_INFORMATION is also used.
SACL_SECURITY_INFORMATION	Set the system access-control list (SACL) in the object's security descriptor. The pSacl parameter is a pointer to the new SACL. If neither PROTECTED_SACL_SECURITY_INFORMATION nor UNPROTECTED_SACL_SECURITY_INFORMATION is set, the current inheritance settings are preserved.
UNPROTECTED_DACL_SECURITY_INFORMATION	Windows 2000: Inherit ACEs from the parent whenever applicable. This value is ignored unless DACL_SECURITY_INFORMATION is also used.
UNPROTECTED_SACL_SECURITY_INFORMATION	Windows 2000: Inherit ACEs from the parent whenever applicable. This value is ignored unless SACL_SECURITY_INFORMATION is also used.

psidOwner

[in] Pointer to a SID that identifies the object's owner. The SID must be one that can be assigned as the owner SID of a security descriptor. The SecurityInfo parameter must include the OWNER_SECURITY_INFORMATION flag. The caller must have WRITE_OWNER access to the object or have the SE_TAKE_OWNERSHIP_NAME privilege enabled. This parameter can be NULL if you are not setting the owner SID.

psidGroup

[in] Pointer to a SID that identifies the object's primary group. The SecurityInfo parameter must include the GROUP_SECURITY_INFORMATION flag. This parameter can be NULL if you are not setting the primary group SID.

pDacl

[in] Pointer to the new DACL for the object. The SecurityInfo parameter must include the DACL_SECURITY_INFORMATION flag. The caller must have WRITE_DAC access to the object or be the object's owner. This parameter can be NULL if you are not setting the DACL.

pSacl

[in] Pointer to the new SACL for the object. The SecurityInfo parameter must include the SACL_SECURITY_INFORMATION flag. The caller must have the SE_SECURITY_NAME privilege enabled. This parameter can be NULL if you are not setting the SACL.

Return Values

If the function succeeds, the return value is ERROR_SUCCESS.

If the function fails, the return value is a nonzero error code defined in Winerror.h.

Remarks

You can use the SetNamedSecurityInfo function with the following types of objects:

• Local or remote files or directories on an NTFS file system
• Local or remote printers
• Local or remote Win32 services
• Network shares
• Registry keys
• Semaphores, events, mutexes, and waitable timers
• File-mapping objects
• Directory service objects

Requirements

  Windows NT/2000: Requires Windows NT 4.0 or later.
  Header: Declared in Aclapi.h.
  Library: Use Advapi32.lib.
  Unicode: Implemented as Unicode and ANSI versions on Windows NT/2000.

See Also

Access Control Overview, Access Control Functions, ACL, GetNamedSecurityInfo, GetSecurityInfo, SE_OBJECT_TYPE, SECURITY_DESCRIPTOR, SECURITY_INFORMATION, SetSecurityInfo, SID