Platform SDK: Access Control

SetUserObjectSecurity

The SetUserObjectSecurity function sets the security of a user object. This can be, for example, a window or a DDE conversation. 

BOOL SetUserObjectSecurity(
  HANDLE hObj,                         // handle to user object
  PSECURITY_INFORMATION pSIRequested,  // components
  PSECURITY_DESCRIPTOR pSD             // SD
);

Parameters

hObj
[in] Handle to a user object for which security information is set.
pSIRequested
[in] Pointer to a value that indicates the components of the security descriptor to set. This parameter can be a combination of the following values.
Value Meaning
DACL_SECURITY_INFORMATION Sets the object's discretionary access control list (DACL). The hObj handle must have WRITE_DAC access, or the calling process must be the object's owner.
GROUP_SECURITY_INFORMATION Sets the object's primary group SID. The hObj handle must have WRITE_OWNER access, or the calling process must be the object's owner.
OWNER_SECURITY_INFORMATION Sets the object's owner security identifier (SID). The hObj handle must have WRITE_OWNER access, or the calling process must be the object's owner or have the SE_TAKE_OWNERSHIP_NAME privilege enabled.
SACL_SECURITY_INFORMATION Sets the object's system access control list (SACL). The hObj handle must have ACCESS_SYSTEM_SECURITY access. The proper way to get this access is to enable the SE_SECURITY_NAME privilege in the caller's current access token, open the handle for ACCESS_SYSTEM_SECURITY access, and then disable the privilege.

pSD
[in] Pointer to a SECURITY_DESCRIPTOR structure containing the new security information.

Windows 2000: This buffer must be aligned on a 4-byte boundary.

Return Values

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks

The SetUserObjectSecurity function applies changes specified in a security descriptor to the security descriptor assigned to a user object. The object's security descriptor must be in self-relative form. If necessary, this function allocates additional memory to increase the size of the security descriptor.

Requirements

  Windows NT/2000: Requires Windows NT 3.1 or later.
  Header: Declared in Winuser.h; include Windows.h.
  Library: Use User32.lib.

See Also

Low-Level Access-Control Overview, Low-Level Access Control Functions, GetUserObjectSecurity, SECURITY_DESCRIPTOR, SECURITY_INFORMATION, SetFileSecurity, SetKernelObjectSecurity, SetPrivateObjectSecurity

Built on Tuesday, February 08, 2000