NTSTATUS
RtlSetDaclSecurityDescriptor(
IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
IN BOOLEAN DaclPresent,
IN PACL Dacl,/* optional */
IN BOOLEAN DaclDefaulted /* optional */
);
RtlSetDaclSecurityDescriptor sets the DACL information of an absolute-format security descriptor. If there is already a DACL present in the security descriptor, it is superseded.
Parameters
SecurityDescriptor
Points to the security descriptor to which the DACL is to be applied.
DaclPresent
If FALSE, indicates that the DaclPresent flag in the security descriptor should be set to FALSE. In this case, the remaining optional parameters are ignored. Otherwise, the DaclPresent control flag in the security descriptor is set to TRUE and the remaining optional parameters are not ignored.
Dacl
Points to the DACL for the security descriptor. If this parameter is NULL, a NULL ACL is assigned to the security descriptor. A NULL DACL unconditionally grants access. The DACL is referenced by, but not copied into, the security descriptor.
DaclDefaulted
When set, indicates that the DACL was picked up from some default mechanism rather than explicitly specified by the caller. This value is set in the DaclDefaulted control flag in the security descriptor. If this parameter is NULL, the DaclDefaulted flag will be cleared.
Return Value
RtlSetDaclSecurityDescriptor can return one of the following status codes:
| Value | Meaning |
| STATUS_SUCCESS | Indicates the call completed successfully. |
| STATUS_UNKNOWN_REVISION | Indicates the revision of the security descriptor is unknown. |
| STATUS_INVALID_SECURITY_DESCR | Indicates the security descriptor is not an absolute format security descriptor. |
Comments
Callers of RtlSetDaclSecurityDescriptor must be running at IRQL PASSIVE_LEVEL.
See Also
RtlCreateSecurityDescriptor, RtlLengthSecurityDescriptor, RtlValidSecurityDescriptor