Platform SDK: Access Control |
The SetNamedSecurityInfo function sets specified security information in the security descriptor of a specified object. The caller identifies the object by name.
Windows 2000: If you are setting the object's DACL or SACL, the system automatically propagates any inheritable ACEs to existing child objects, according to the rules of inheritance.
DWORD SetNamedSecurityInfo( LPTSTR pObjectName, // object name SE_OBJECT_TYPE ObjectType, // object type SECURITY_INFORMATION SecurityInfo, // type PSID psidOwner, // new owner SID PSID psidGroup, // new primary group SID PACL pDacl, // new DACL PACL pSacl // new SACL );
For descriptions of the string formats for the different object types, see SE_OBJECT_TYPE.
Value | Meaning |
---|---|
DACL_SECURITY_INFORMATION | Set the discretionary access-control list (DACL) in the object's security descriptor. The pDacl parameter is a pointer to the new DACL.
If neither PROTECTED_DACL_SECURITY_INFORMATION nor UNPROTECTED_DACL_SECURITY_INFORMATION is set, the current inheritance settings are preserved. |
GROUP_SECURITY_INFORMATION | Set the primary group SID in the object's security descriptor. The psidGroup parameter is a pointer to the new SID. |
OWNER_SECURITY_INFORMATION | Set the owner security identifier (SID) in the object's security descriptor. The psidOwner parameter is a pointer to the new SID. |
PROTECTED_DACL_SECURITY_INFORMATION | Windows 2000: Protect the DACL from inheriting ACEs.
This value is ignored unless DACL_SECURITY_INFORMATION is also used. |
PROTECTED_SACL_SECURITY_INFORMATION | Windows 2000: Protect the SACL from inheriting ACEs.
This value is ignored unless SACL_SECURITY_INFORMATION is also used. |
SACL_SECURITY_INFORMATION | Set the system access-control list (SACL) in the object's security descriptor. The pSacl parameter is a pointer to the new SACL.
If neither PROTECTED_SACL_SECURITY_INFORMATION nor UNPROTECTED_SACL_SECURITY_INFORMATION is set, the current inheritance settings are preserved. |
UNPROTECTED_DACL_SECURITY_INFORMATION | Windows 2000: Inherit ACEs from the parent whenever applicable.
This value is ignored unless DACL_SECURITY_INFORMATION is also used. |
UNPROTECTED_SACL_SECURITY_INFORMATION | Windows 2000: Inherit ACEs from the parent whenever applicable.
This value is ignored unless SACL_SECURITY_INFORMATION is also used. |
If the function succeeds, the return value is ERROR_SUCCESS.
If the function fails, the return value is a nonzero error code defined in Winerror.h.
You can use the SetNamedSecurityInfo function with the following types of objects:
Windows NT/2000: Requires Windows NT 4.0 or later.
Header: Declared in Aclapi.h.
Library: Use Advapi32.lib.
Unicode: Implemented as Unicode and ANSI versions on Windows NT/2000.
Access Control Overview, Access Control Functions, ACL, GetNamedSecurityInfo, GetSecurityInfo, SE_OBJECT_TYPE, SECURITY_DESCRIPTOR, SECURITY_INFORMATION, SetSecurityInfo, SID