| Platform SDK: Access Control |
Low-level access-control provides a set of functions for creating a security descriptor and getting and setting the components of a security descriptor. The low-level functions for initializing and setting the components of a security descriptor work only with absolute-format security descriptors. The low-level functions for getting the components of a security descriptor work with both absolute and self-relative security descriptors.
The InitializeSecurityDescriptor function initializes a SECURITY_DESCRIPTOR buffer. The initialized security descriptor is in absolute format and has no owner, primary group, discretionary access-control list (DACL), or system access-control list (SACL). You can use the following low-level functions to get or set specific components of a specified security descriptor.
| Function | Description |
|---|---|
| GetSecurityDescriptorControl | Retrieves revision and control information from a security descriptor. |
| GetSecurityDescriptorDacl | Gets the DACL from a security descriptor. |
| GetSecurityDescriptorGroup | Retrieves the primary group security identifier (SID) from a security descriptor. |
| GetSecurityDescriptorLength | Returns the length of a security descriptor. |
| GetSecurityDescriptorOwner | Retrieves the owner SID from a security descriptor. |
| GetSecurityDescriptorSacl | Gets the SACL from a security descriptor. |
| SetSecurityDescriptorDacl | Puts a DACL into a security descriptor, superseding any existing DACL. |
| SetSecurityDescriptorGroup | Sets the primary group SID of a security descriptor. |
| SetSecurityDescriptorOwner | Sets the owner SID of a security descriptor. |
| SetSecurityDescriptorSacl | Puts a SACL into a security descriptor, superseding any existing SACL. |
To check the revision level and structural integrity of a security descriptor, call the IsValidSecurityDescriptor function.