3.2.5.2.4.2 INtmsObjectManagement1::SetNtmsObjectSecurity (Opnum 4)
The SetNtmsObjectSecurity method changes the security descriptor of an object.
-
HRESULT SetNtmsObjectSecurity( [in] LPNTMS_GUID lpObjectId, [in] DWORD dwType, [in] DWORD SecurityInformation, [in, size_is(nLength)] PSECURITY_DESCRIPTOR_NTMS lpSecurityDescriptor, [in] DWORD nLength );
lpObjectId: A pointer to the identifier of the object for which to change security information.
dwType: A value from the NtmsObjectsTypes (section 2.2.1.6) enumeration specifying the type of the object.
SecurityInformation: A SECURITY_INFORMATION structure specifying the security data to change.
lpSecurityDescriptor: A pointer to a SECURITY_DESCRIPTOR structure that describes the security descriptor to write to the object.
nLength: The length, in bytes, of lpSecurityDescriptor.
-
Return value/code
Description
0x00000000
S_OK
The call was successful.
0x80070005
ERROR_ACCESS_DENIED
Privileges required to modify the security descriptor are denied.
0x80070057
ERROR_INVALID_PARAMETER
A parameter is not valid.
0x800710D8
ERROR_OBJECT_NOT_FOUND
The object was not found.
0x800710D9
ERROR_DATABASE_FAILURE
The database query or update failed.
0x800710DA
ERROR_DATABASE_FULL
The database is full.
Upon receiving this message, the server MUST verify that lpObjectId, lpSecurityDescriptor, and nLength are not NULL. If parameter validation fails, the server MUST immediately fail the operation and return ERROR_INVALID_PARAMETER (0x80070057).
If parameter validation succeeds, the server MUST verify that the user has the required access rights, and set the security information of the given object. If the client does not have the required access rights to the object, the server MUST return ERROR_ACCESS_DENIED (0x80070005).
If an application uses SetNtmsObjectSecurity to set the discretionary access control list (DACL) of an object, the application MUST have WRITE_DAC permission or be the owner of the object.
If an application uses SetNtmsObjectSecurity to set the system DACL of an object, the SE_SECURITY_NAME privilege MUST be enabled for the application.