184.108.40.206.4.2 INtmsObjectManagement1::SetNtmsObjectSecurity (Opnum 4)
The SetNtmsObjectSecurity method changes the security descriptor of an object.
HRESULT SetNtmsObjectSecurity( [in] LPNTMS_GUID lpObjectId, [in] DWORD dwType, [in] DWORD SecurityInformation, [in, size_is(nLength)] PSECURITY_DESCRIPTOR_NTMS lpSecurityDescriptor, [in] DWORD nLength );
lpObjectId: A pointer to the identifier of the object for which to change security information.
dwType: A value from the NtmsObjectsTypes (section 220.127.116.11) enumeration specifying the type of the object.
SecurityInformation: A SECURITY_INFORMATION structure specifying the security data to change.
lpSecurityDescriptor: A pointer to a SECURITY_DESCRIPTOR structure that describes the security descriptor to write to the object.
nLength: The length, in bytes, of lpSecurityDescriptor.
The call was successful.
Privileges required to modify the security descriptor are denied.
A parameter is not valid.
The object was not found.
The database query or update failed.
The database is full.
Upon receiving this message, the server MUST verify that lpObjectId, lpSecurityDescriptor, and nLength are not NULL. If parameter validation fails, the server MUST immediately fail the operation and return ERROR_INVALID_PARAMETER (0x80070057).
If parameter validation succeeds, the server MUST verify that the user has the required access rights, and set the security information of the given object. If the client does not have the required access rights to the object, the server MUST return ERROR_ACCESS_DENIED (0x80070005).
If an application uses SetNtmsObjectSecurity to set the discretionary access control list (DACL) of an object, the application MUST have WRITE_DAC permission or be the owner of the object.
If an application uses SetNtmsObjectSecurity to set the system DACL of an object, the SE_SECURITY_NAME privilege MUST be enabled for the application.