| Platform SDK: Access Control |
The GetSecurity method requests a security descriptor for the securable object whose security descriptor is being edited. The access control editor calls this method to retrieve the object's current or default security descriptor.
HRESULT GetSecurity( SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR *ppSecurityDescriptor, BOOL fDefault );
| Value | Meaning |
|---|---|
| OWNER_SECURITY_INFORMATION | If this flag is set, the security descriptor must include the SID of the object's owner. |
| GROUP_SECURITY_INFORMATION | If this flag is set, the security descriptor must include the SID of the object's primary group. |
| DACL_SECURITY_INFORMATION | If this flag is set, the security descriptor must include the object's DACL. |
| SACL_SECURITY_INFORMATION | If this flag is set, the security descriptor must include the object's SACL. |
The system calls the LocalFree function to free the returned pointer.
The access control editor sets this flag to TRUE only if the user clicks the Default button. The Default button is displayed only if you set the SI_RESET flag in the ISecurityInformation::GetObjectInformation method. If no default security descriptor is available, do not set the SI_RESET flag.
If this flag is FALSE, ppSecurityDescriptor should return the object's current security descriptor.
Return S_OK if successful.
Return a nonzero error code if an error occurs. Return E_ACCESSDENIED if the user does not have the permission to read the requested security information.
Windows NT/2000: Requires Windows 2000.
Header: Declared in Aclui.h.
Access Control Editor Overview, Access Control Editor Interfaces, ISecurityInformation::GetObjectInformation, SECURITY_INFORMATION