RtlSetDaclSecurityDescriptor

NTSTATUS
RtlSetDaclSecurityDescriptor(

IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
IN BOOLEAN DaclPresent,
IN PACL Dacl,/* optional */
IN BOOLEAN DaclDefaulted /* optional */
);

RtlSetDaclSecurityDescriptor sets the DACL information of an absolute-format security descriptor. If there is already a DACL present in the security descriptor, it is superseded.

Parameters

SecurityDescriptor

Points to the security descriptor to which the DACL is to be applied.

DaclPresent

If FALSE, indicates that the DaclPresent flag in the security descriptor should be set to FALSE. In this case, the remaining optional parameters are ignored. Otherwise, the DaclPresent control flag in the security descriptor is set to TRUE and the remaining optional parameters are not ignored.

Dacl

Points to the DACL for the security descriptor. If this parameter is NULL, a NULL ACL is assigned to the security descriptor. A NULL DACL unconditionally grants access. The DACL is referenced by, but not copied into, the security descriptor.

DaclDefaulted

When set, indicates that the DACL was picked up from some default mechanism rather than explicitly specified by the caller. This value is set in the DaclDefaulted control flag in the security descriptor. If this parameter is NULL, the DaclDefaulted flag will be cleared.

Return Value

RtlSetDaclSecurityDescriptor can return one of the following status codes:

Value Meaning
STATUS_SUCCESS Indicates the call completed successfully.
STATUS_UNKNOWN_REVISION Indicates the revision of the security descriptor is unknown.
STATUS_INVALID_SECURITY_DESCR Indicates the security descriptor is not an absolute format security descriptor.

Comments

Callers of RtlSetDaclSecurityDescriptor must be running at IRQL PASSIVE_LEVEL.

See Also

RtlCreateSecurityDescriptor, RtlLengthSecurityDescriptor, RtlValidSecurityDescriptor