GetPrivateObjectSecurity function (securitybaseapi.h)
The GetPrivateObjectSecurity function retrieves information from a private object's security descriptor.
Syntax
BOOL GetPrivateObjectSecurity(
  [in]            PSECURITY_DESCRIPTOR ObjectDescriptor,
  [in]            SECURITY_INFORMATION SecurityInformation,
  [out, optional] PSECURITY_DESCRIPTOR ResultantDescriptor,
  [in]            DWORD                DescriptorLength,
  [out]           PDWORD               ReturnLength
);
Parameters
[in] ObjectDescriptor
A pointer to a SECURITY_DESCRIPTOR structure. This is the security descriptor to be queried.
[in] SecurityInformation
A set of bit flags that indicate the parts of the security descriptor to retrieve. This parameter can be a combination of the SECURITY_INFORMATION bit flags.
[out, optional] ResultantDescriptor
A pointer to a buffer that receives a copy of the requested information from the specified security descriptor. The SECURITY_DESCRIPTOR structure is returned in self-relative format.
[in] DescriptorLength
Specifies the size, in bytes, of the buffer pointed to by the ResultantDescriptor parameter.
[out] ReturnLength
A pointer to a variable the function sets to zero if the descriptor is copied successfully. If the buffer is too small for the security descriptor, this variable receives the number of bytes required. If this variable's value is greater than the value of the DescriptorLength parameter when the function returns, the function returns FALSE and none of the security descriptor is copied to the buffer.
Return value
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
Remarks
This function is intended for use by resource managers only. To implement the standard access control semantics for updating security descriptors, a resource manager should verify that the following conditions are met before calling GetPrivateObjectSecurity:
- If the object's owner is being set, the calling process must have either WRITE_OWNER permission or be the object's owner.
- If the object's discretionary access control list is being set, the calling process must have either WRITE_DAC permission or be the object's owner.
- If the object's system access control list is being set, the SE_SECURITY_NAME privilege must be enabled for the calling process.
Requirements
Requirement | Value |
---|---|
Minimum supported client | Windows XP [desktop apps only] |
Minimum supported server | Windows Server 2003 [desktop apps only] |
Target Platform | Windows |
Header | securitybaseapi.h (include Windows.h) |
Library | Advapi32.lib |
DLL | Advapi32.dll |
See also
Client/Server Access Control Functions