Platform SDK: Access Control |
The GetFileSecurity function obtains specified information about the security of a file or directory. The information obtained is constrained by the caller's access rights and privileges.
Windows NT 4.0 and later: You can use the GetNamedSecurityInfo function.
BOOL GetFileSecurity( LPCTSTR lpFileName, // file name SECURITY_INFORMATION RequestedInformation, // request PSECURITY_DESCRIPTOR pSecurityDescriptor, // SD DWORD nLength, // size of SD LPDWORD lpnLengthNeeded // required buffer size );
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
To read the owner, group, or DACL from the security descriptor for the specified file or directory, the DACL for the file or directory must grant READ_CONTROL access to the caller or the caller must be the owner of the file or directory.
To read the system access-control list (SACL) of a file or directory, the SE_SECURITY_NAME privilege must be enabled for the calling process.
Windows NT/2000: Requires Windows NT 3.1 or later.
Header: Declared in Winbase.h; include Windows.h.
Library: Use Advapi32.lib.
Unicode: Implemented as Unicode and ANSI versions on Windows NT/2000.
Low-Level Access-Control Overview, Low-Level Access Control Functions, GetKernelObjectSecurity, GetPrivateObjectSecurity, GetUserObjectSecurity, SECURITY_DESCRIPTOR, SECURITY_INFORMATION, SetFileSecurity