SePrivilegeCheck function (ntifs.h)

The SePrivilegeCheck routine determines whether a specified set of privileges is enabled in the subject's access token.

Syntax

BOOLEAN SePrivilegeCheck(
  [in, out] PPRIVILEGE_SET            RequiredPrivileges,
  [in]      PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
  [in]      KPROCESSOR_MODE           AccessMode
);

Parameters

[in, out] RequiredPrivileges

Pointer to a PRIVILEGE_SET structure. The Privilege member of this structure is an array of LUID_AND_ATTRIBUTES structures. Before calling SePrivilegeCheck, use the Privilege array to indicate the set of privileges to check. Set the Control member to PRIVILEGE_SET_ALL_NECESSARY if all of the privileges must be enabled; or set it to zero if it is sufficient that any one of the privileges be enabled.

When SePrivilegeCheck returns, the Attributes member of each LUID_AND_ATTRIBUTES structure is set to SE_PRIVILEGE_USED_FOR_ACCESS if the corresponding privilege is enabled.

[in] SubjectSecurityContext

Pointer to the subject's captured security context.

[in] AccessMode

The access mode to use for the privilege check. Either UserMode or KernelMode. If AccessMode is set to KernelMode, then all privileges are marked as being possessed by the subject, and SePrivilegeCheck returns TRUE.

Return value

SePrivilegeCheck returns TRUE if all specified privileges are held by the subject, FALSE otherwise.

Remarks

An access token contains a list of the privileges held by the account associated with the token. These privileges can be enabled or disabled; most are disabled by default. SePrivilegeCheck checks only for enabled privileges. To get a list of all the enabled and disabled privileges held by an access token, call SeQueryInformationToken.

For more information about security and access control, see Windows security model for driver developers and the documentation on these topics in the Windows SDK.
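The following is an added example, not code from this page or from the Windows Driver Kit: a portable user-mode C model of the behaviour described above (enabled-only matching, the Control rule, the KernelMode shortcut, and the SE_PRIVILEGE_USED_FOR_ACCESS marking). The `model_*` names, the constructed token, and the privilege values 10, 20 and 30 are assumptions made for illustration; the three `#define` values match the Windows headers.

```c
/* Added example: user-mode model of the documented semantics, not kernel code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Values as defined in the Windows headers. */
#define PRIVILEGE_SET_ALL_NECESSARY  1u
#define SE_PRIVILEGE_ENABLED         0x00000002u
#define SE_PRIVILEGE_USED_FOR_ACCESS 0x80000000u

enum model_mode { MODEL_KERNEL_MODE, MODEL_USER_MODE };     /* stand-in for KPROCESSOR_MODE */
struct model_priv { uint32_t luid; uint32_t attributes; };  /* stand-in for LUID_AND_ATTRIBUTES */

/* Constructed token: holds privileges 10 and 20, only 10 is enabled. */
static const struct model_priv model_token[] = { { 10, SE_PRIVILEGE_ENABLED }, { 20, 0 } };

static bool token_has_enabled(uint32_t luid)
{
    for (size_t i = 0; i < sizeof model_token / sizeof model_token[0]; i++)
        if (model_token[i].luid == luid)
            return (model_token[i].attributes & SE_PRIVILEGE_ENABLED) != 0;
    return false;   /* privilege not held at all */
}

/* Marks each satisfied entry and applies the Control rule described above. */
bool model_privilege_check(struct model_priv *required, size_t count,
                           uint32_t control, enum model_mode mode)
{
    size_t satisfied = 0;
    for (size_t i = 0; i < count; i++) {
        /* KernelMode: every privilege counts as possessed, the token is not consulted. */
        if (mode == MODEL_KERNEL_MODE || token_has_enabled(required[i].luid)) {
            required[i].attributes |= SE_PRIVILEGE_USED_FOR_ACCESS;
            satisfied++;
        }
    }
    if (mode == MODEL_KERNEL_MODE)
        return true;
    if (control & PRIVILEGE_SET_ALL_NECESSARY)
        return satisfied == count;
    return satisfied > 0;   /* Control == 0: any one enabled privilege suffices */
}

/* Runs one two-privilege check; bit 0 = result, bits 1 and 2 = entries marked used. */
unsigned model_demo(uint32_t a, uint32_t b, uint32_t control, enum model_mode mode)
{
    struct model_priv req[2] = { { a, 0 }, { b, 0 } };
    unsigned ok = model_privilege_check(req, 2, control, mode) ? 1u : 0u;
    return ok | (req[0].attributes ? 2u : 0u) | (req[1].attributes ? 4u : 0u);
}
```

The KernelMode case is the one to watch in a driver: because it succeeds without consulting the token, a check made on behalf of a user-mode request only means something when the request's actual previous mode is passed as AccessMode.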

Requirements

Requirement        Value
Target Platform    Universal
Header             ntifs.h (include Ntifs.h)
Library            NtosKrnl.lib
DLL                NtosKrnl.exe
IRQL               PASSIVE_LEVEL

See also

LUID_AND_ATTRIBUTES

PRIVILEGE_SET

SECURITY_SUBJECT_CONTEXT

SeAccessCheck

SeAppendPrivileges

SeFreePrivileges

SeQueryInformationToken

SeSinglePrivilegeCheck