2.2.1.3 SECURITY_INFORMATION
The SECURITY_INFORMATION type is used to specify which portions of a security descriptor the caller would like to retrieve or set on an object.
The SECURITY_INFORMATION data type is defined in [MS-DTYP] section 2.4.7. The following declaration is an alternative definition.
This type is declared as follows:
typedef unsigned long SECURITY_INFORMATION;
The following table defines the bits that are relevant to the Local Security Authority (Domain Policy) Remote Protocol.
| Value | Meaning |
|---|---|
| OWNER_SECURITY_INFORMATION 0x00000001 | Return the Owner portion of the security descriptor. |
| GROUP_SECURITY_INFORMATION 0x00000002 | Return the Group portion of the security descriptor. |
| DACL_SECURITY_INFORMATION 0x00000004 | Return the DACL portion of the security descriptor. |
| SACL_SECURITY_INFORMATION 0x00000008 | Return the SACL portion of the security descriptor. |
Other values SHOULD NOT be set.
The server honors the request to set or retrieve security information only if the caller has the appropriate rights to the object.
The following table lists the SECURITY_INFORMATION bits and the corresponding user rights required of the caller requesting to query information.
| Security information access requested | Rights required of caller on server | Privileges required of caller on server |
|---|---|---|
| OWNER_SECURITY_INFORMATION | READ_CONTROL | Does not apply. |
| GROUP_SECURITY_INFORMATION | READ_CONTROL | Does not apply. |
| DACL_SECURITY_INFORMATION | READ_CONTROL | Does not apply. |
| SACL_SECURITY_INFORMATION | Does not apply. | Security privilege. |
The following table lists the SECURITY_INFORMATION bits and the corresponding user rights required of the caller requesting to set information.
| Security information access requested | Rights required of caller on server | Privileges required of caller on server |
|---|---|---|
| OWNER_SECURITY_INFORMATION | WRITE_OWNER | Take ownership privilege. Note: Either the access bit or the privilege is sufficient; the caller does not need both. |
| GROUP_SECURITY_INFORMATION | WRITE_OWNER | Take-ownership privilege. |
| DACL_SECURITY_INFORMATION | WRITE_DAC | Does not apply. |
| SACL_SECURITY_INFORMATION | Does not apply. | Security privilege. |
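The two rights tables above can be expressed as a single server-side check. The following is an added example, not part of the specification: `caller_ctx`, `sd_op` and `sd_denied_bits` are hypothetical names, refusing undefined bits is an assumed policy, and applying the "either the access bit or the privilege" rule to GROUP_SECURITY_INFORMATION as well as OWNER_SECURITY_INFORMATION is an assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* 32 bits on the wire; uint32_t keeps that width on LP64 hosts too. */
typedef uint32_t SECURITY_INFORMATION;
#define OWNER_SECURITY_INFORMATION 0x00000001u
#define GROUP_SECURITY_INFORMATION 0x00000002u
#define DACL_SECURITY_INFORMATION  0x00000004u
#define SACL_SECURITY_INFORMATION  0x00000008u
#define DEFINED_BITS               0x0000000Fu
/* Standard Windows access-mask values for the rights named in the tables. */
#define READ_CONTROL 0x00020000u
#define WRITE_DAC    0x00040000u
#define WRITE_OWNER  0x00080000u

/* Hypothetical caller context: access granted on the handle plus held privileges. */
struct caller_ctx {
    uint32_t granted_access;
    bool security_privilege;
    bool take_ownership_privilege;
};
enum sd_op { SD_QUERY, SD_SET };

/* Returns the requested bits the caller is not entitled to; 0 means honor the request. */
SECURITY_INFORMATION sd_denied_bits(enum sd_op op, SECURITY_INFORMATION req,
                                    const struct caller_ctx *c)
{
    SECURITY_INFORMATION denied = req & ~DEFINED_BITS; /* assumption: refuse undefined bits */
    bool rc = (c->granted_access & READ_CONTROL) != 0;
    bool wd = (c->granted_access & WRITE_DAC) != 0;
    /* Access bit or privilege, either one; extending this to GROUP is an assumption. */
    bool own = (c->granted_access & WRITE_OWNER) != 0 || c->take_ownership_privilege;
    bool owner_group_ok = (op == SD_QUERY) ? rc : own;
    bool dacl_ok = (op == SD_QUERY) ? rc : wd;

    if ((req & OWNER_SECURITY_INFORMATION) && !owner_group_ok) denied |= OWNER_SECURITY_INFORMATION;
    if ((req & GROUP_SECURITY_INFORMATION) && !owner_group_ok) denied |= GROUP_SECURITY_INFORMATION;
    if ((req & DACL_SECURITY_INFORMATION) && !dacl_ok) denied |= DACL_SECURITY_INFORMATION;
    if ((req & SACL_SECURITY_INFORMATION) && !c->security_privilege) denied |= SACL_SECURITY_INFORMATION;
    return denied;
}

int main(void)
{
    struct caller_ctx reader = { READ_CONTROL, false, false }; /* constructed sample caller */
    printf("denied: 0x%08x\n", (unsigned)sd_denied_bits(SD_QUERY, 0x0000000Cu, &reader));
    return 0;
}
```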