SECURITY_DESCRIPTOR

The SECURITY_DESCRIPTOR structure contains the security information associated with an object. Drivers use this structure to set and query an object's security status.

Because the internal format of a security descriptor can vary, drivers are not to modify the SECURITY_DESCRIPTOR structure directly. For creating and manipulating a security descriptor, use the functions listed in the See Also section.

typedef struct _SECURITY_DESCRIPTOR {
  UCHAR  Revision;
  UCHAR  Sbz1;
  SECURITY_DESCRIPTOR_CONTROL  Control;
  PSID  Owner;
  PSID  Group;
  PACL  Sacl;
  PACL  Dacl;
} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;

A security descriptor includes information that specifies the following components of an object's security:

  • An owner (SID)

  • A primary group (SID)

  • A discretionary ACL (DACL)

  • A system ACL (SACL)

  • Qualifiers for the preceding items
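The warning above that the internal format can vary is easiest to see in the self-relative form, where the Owner, Group, Sacl and Dacl slots hold 32-bit offsets from the start of the buffer instead of pointers. The following portable C sketch is an added example, not code from this page or from the WDK: it bounds-checks such a buffer before any component is dereferenced. The names sd_rel_view, sd_rel_parse and SD_SAMPLE are hypothetical, and the layout and the SE_SELF_RELATIVE value are assumptions taken from the public Windows headers rather than from this page.

```c
#include <stddef.h>
#include <stdint.h>

#define SD_REVISION1     1
#define SE_SELF_RELATIVE 0x8000u  /* Control bit: fields are offsets, not pointers */
#define SD_REL_HEADER    20u      /* Revision, Sbz1, Control, four 32-bit offsets */
typedef struct { uint16_t control; uint32_t owner, group, sacl, dacl; } sd_rel_view;

static uint32_t rd(const uint8_t *p, int n) {   /* little-endian read of n bytes */
    uint32_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* A SID is 8 fixed bytes plus 4 bytes per sub-authority (at most 15). */
static int sid_fits(const uint8_t *buf, size_t len, uint32_t off) {
    if (off == 0) return 1;                                   /* component absent */
    if (off < SD_REL_HEADER || off > len || len - off < 8) return 0;
    if (buf[off] != 1 || buf[off + 1] > 15) return 0;
    return len - off >= 8u + 4u * buf[off + 1];
}

/* An ACL starts with an 8-byte header whose AclSize field covers header and ACEs. */
static int acl_fits(const uint8_t *buf, size_t len, uint32_t off) {
    if (off == 0) return 1;                                   /* component absent */
    if (off < SD_REL_HEADER || off > len || len - off < 8) return 0;
    uint32_t size = rd(buf + off + 2, 2);
    return size >= 8 && size <= len - off;
}

/* Returns 0 if buf holds a well-formed self-relative descriptor, -1 otherwise. */
int sd_rel_parse(const uint8_t *buf, size_t len, sd_rel_view *out) {
    if (len < SD_REL_HEADER || buf[0] != SD_REVISION1) return -1;
    out->control = (uint16_t)rd(buf + 2, 2);
    if (!(out->control & SE_SELF_RELATIVE)) return -1;        /* absolute form: pointers */
    out->owner = rd(buf + 4, 4);   out->group = rd(buf + 8, 4);
    out->sacl  = rd(buf + 12, 4);  out->dacl  = rd(buf + 16, 4);
    if (!sid_fits(buf, len, out->owner) || !sid_fits(buf, len, out->group)) return -1;
    if (!acl_fits(buf, len, out->sacl) || !acl_fits(buf, len, out->dacl)) return -1;
    return 0;
}

/* Constructed sample: self-relative descriptor whose only component is owner S-1-5-18. */
static const uint8_t SD_SAMPLE[32] = {
    0x01, 0x00, 0x00, 0x80,  0x14, 0, 0, 0,    /* Revision, Sbz1, Control; Owner at 20 */
    0, 0, 0, 0,  0, 0, 0, 0,  0, 0, 0, 0,      /* Group, Sacl, Dacl absent */
    0x01, 0x01, 0, 0, 0, 0, 0, 0x05,           /* SID: revision 1, 1 sub-authority, NT authority */
    0x12, 0, 0, 0                              /* sub-authority 18 */
};
```

Code that cast these same bytes to the pointer-bearing structure shown above would treat the value 20 as an address, which is why drivers are told to go through the listed routines rather than touch the fields.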

Requirements: ntifs.h (include ntifs.h)

See Also

ACL

ObGetObjectSecurity

ObReleaseObjectSecurity

RtlCreateSecurityDescriptor

RtlGetOwnerSecurityDescriptor

RtlLengthSecurityDescriptor

RtlSetDaclSecurityDescriptor

RtlSetOwnerSecurityDescriptor

RtlValidSecurityDescriptor

SeAccessCheck

SeAssignSecurity

SeAssignSecurityEx

SECURITY_DESCRIPTOR_CONTROL

SECURITY_INFORMATION

SeDeassignSecurity

SeSetSecurityDescriptorInfo

SeSetSecurityDescriptorInfoEx

SeValidSecurityDescriptor

SID

ZwQuerySecurityObject

ZwSetSecurityObject
