SECURITY_DESCRIPTOR structure

The SECURITY_DESCRIPTOR structure contains the security information associated with an object. Drivers use this structure to set and query an object's security status.

Because the internal format of a security descriptor can vary, drivers are not to modify the SECURITY_DESCRIPTOR structure directly. For creating and manipulating a security descriptor, use the functions listed in the See Also section.

Syntax

typedef struct _SECURITY_DESCRIPTOR {
  UCHAR                       Revision;
  UCHAR                       Sbz1;
  SECURITY_DESCRIPTOR_CONTROL Control;
  PSID                        Owner;
  PSID                        Group;
  PACL                        Sacl;
  PACL                        Dacl;
} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;

Members

Revision

Sbz1

Control

Owner

Group

Sacl

Dacl

Remarks

A security descriptor includes information that specifies the following components of an object's security:

  • An owner (SID)
  • A primary group (SID)
  • A discretionary ACL (DACL)
  • A system ACL (SACL)
Qualifiers for the preceding items

Requirements: ntifs.h (include ntifs.h)

Requirements

   
Minimum supported client Available starting with Microsoft Windows 2000.
Header ntifs.h

See Also

ACL

ObGetObjectSecurity

ObReleaseObjectSecurity

RtlCreateSecurityDescriptor

RtlGetOwnerSecurityDescriptor

RtlLengthSecurityDescriptor

RtlSetDaclSecurityDescriptor

RtlSetOwnerSecurityDescriptor

RtlValidSecurityDescriptor

SECURITY_DESCRIPTOR_CONTROL

SECURITY_INFORMATION

SID

SeAccessCheck

SeAssignSecurity

SeAssignSecurityEx

SeDeassignSecurity

SeSetSecurityDescriptorInfo

SeSetSecurityDescriptorInfoEx

SeValidSecurityDescriptor

ZwQuerySecurityObject

ZwSetSecurityObject