Platform SDK: Access Control

Low-Level Security Descriptor Functions

There are several pairs of low-level functions for setting and retrieving an object's security descriptor. Each of these pairs works only with a limited set of Win32 objects. For example, one pair works with file objects and another works with registry keys. The following table shows the low-level functions to use with the different types of securable objects.

| Object type | Low-level functions |
|---|---|
| Files, directories, mailslots, named pipes | Use the GetFileSecurity and SetFileSecurity functions. These functions use character strings to identify the securable object, instead of using handles. |
| Processes, threads, access tokens, file-mapping objects, semaphores, events, mutexes, waitable timers | Use the GetKernelObjectSecurity and SetKernelObjectSecurity functions. |
| Window stations, desktops | Use the GetUserObjectSecurity and SetUserObjectSecurity functions. |
| Registry keys | Use the RegGetKeySecurity and RegSetKeySecurity functions. |
| Win32 service objects | Use the QueryServiceObjectSecurity and SetServiceObjectSecurity functions. |
| Printer objects | Use the PRINTER_INFO_2 structure with the GetPrinter and SetPrinter functions. |
| Network shares | Use level 502 with the NetShareGetInfo and NetShareSetInfo functions. |
| Private objects (objects private to the creating application) | Use the CreatePrivateObjectSecurity, DestroyPrivateObjectSecurity, GetPrivateObjectSecurity and SetPrivateObjectSecurity functions. |