Authorization Structures
The following structures are used with authorization applications.
In this section
| Topic | Description |
|---|---|
| ACCESS_ALLOWED_ACE |
Defines an access control entry (ACE) for the discretionary access control list (DACL) that controls access to an object. An access-allowed ACE allows access to an object for a specific trustee identified by a security identifier (SID). |
| ACCESS_ALLOWED_CALLBACK_ACE |
The ACCESS_ALLOWED_CALLBACK_ACE structure defines an access control entry for the discretionary access control list that controls access to an object. |
| ACCESS_ALLOWED_CALLBACK_OBJECT_ACE |
Defines an access control entry (ACE) that controls allowed access to an object, property set, or property. |
| ACCESS_ALLOWED_OBJECT_ACE |
Defines an access control entry (ACE) that controls allowed access to an object, a property set, or property. |
| ACCESS_DENIED_ACE |
Defines an access control entry (ACE) for the discretionary access control list (DACL) that controls access to an object. An access-denied ACE denies access to an object for a specific trustee identified by a security identifier (SID). |
| ACCESS_DENIED_CALLBACK_ACE |
The ACCESS_DENIED_CALLBACK_ACE structure defines an access control entry for the discretionary access control list that controls access to an object. |
| ACCESS_DENIED_CALLBACK_OBJECT_ACE |
The ACCESS_DENIED_CALLBACK_OBJECT_ACE structure defines an access control entry that controls denied access to an object, a property set, or property. |
| ACCESS_DENIED_OBJECT_ACE |
Defines an access control entry (ACE) that controls denied access to an object, a property set, or property. |
| ACE |
Lists the currently defined ACE types. |
| ACE_HEADER |
Defines the type and size of an access control entry (ACE). |
| ACL |
Header of an access control list (ACL). |
| ACL_REVISION_INFORMATION |
Contains revision information about an ACL structure. |
| ACL_SIZE_INFORMATION |
Contains information about the size of an ACL structure. |
| AUDIT_POLICY_INFORMATION |
Specifies a security event type and when to audit that type. |
| AUTHZ_ACCESS_REPLY |
Defines an access check reply. |
| AUTHZ_ACCESS_REQUEST |
Defines an access check request. |
| AUTHZ_INIT_INFO |
Defines the initialization information for the resource manager. |
| AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET |
Specifies the offset of a registration object type name. |
| AUTHZ_RPC_INIT_INFO_CLIENT |
initializes a remote resource manager for a client. |
| AUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE |
Specifies a fully qualified binary name value associated with a security attribute. |
| AUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE |
Specifies an octet string value for a security attribute. |
| AUTHZ_SECURITY_ATTRIBUTE_V1 |
Defines a security attribute that can be associated with an authorization context. |
| AUTHZ_SECURITY_ATTRIBUTES_INFORMATION |
Specifies one or more security attributes and values. |
| AUTHZ_SOURCE_SCHEMA_REGISTRATION |
Specifies information about source schema registration. |
| CLAIM_SECURITY_ATTRIBUTE_FQBN_VALUE |
Specifies the fully qualified binary name. |
| CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE |
Specifies the OCTET_STRING value type of the claim security attribute. |
| CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 |
Defines a resource attribute that is defined in continuous memory for persistence within a serialized security descriptor. |
| CLAIM_SECURITY_ATTRIBUTE_V1 |
Defines a security attribute that can be associated with a token or authorization context. |
| CLAIM_SECURITY_ATTRIBUTES_INFORMATION |
Defines the security attributes for the claim. |
| EFFPERM_RESULT_LIST |
Lists the effective permissions. |
| EXPLICIT_ACCESS |
Defines access control information for a specified trustee. |
| GENERIC_MAPPING |
Defines the mapping of generic access rights to specific and standard access rights for an object. |
| INHERITED_FROM |
Provides information about an object's inherited access control entry (ACE). |
| LUID |
64-bit value guaranteed to be unique only on the system on which it was generated. |
| LUID_AND_ATTRIBUTES |
Represents a locally unique identifier (LUID) and its attributes. |
| OBJECT_TYPE_LIST |
Identifies an object type element in a hierarchy of object types. |
| OBJECTS_AND_NAME |
Contains a string that identifies a trustee by name and additional strings that identify the object types of an object-specific access control entry (ACE). |
| OBJECTS_AND_SID |
Contains a security identifier (SID) that identifies a trustee and GUIDs that identify the object types of an object-specific access control entry (ACE). |
| POLICY_AUDIT_SID_ARRAY |
Specifies an array of SID structures that represent Windows users or groups. |
| PRIVILEGE_SET |
Specifies a set of privileges. |
| SECURITY_ATTRIBUTES |
The SECURITY_ATTRIBUTES security structure contains the security descriptor for an object and specifies whether the handle retrieved by specifying this structure is inheritable. |
| SECURITY_CAPABILITIES |
Defines the security capabilities of the app container. |
| SECURITY_DESCRIPTOR |
Contains the security information associated with an object. |
| SECURITY_OBJECT |
Contains the security object information. |
| SECURITY_QUALITY_OF_SERVICE |
Contains information used to support client impersonation. |
| SI_ACCESS |
Contains information about an access right or default access mask for a securable object. |
| SI_INHERIT_TYPE |
Contains information about how access control entries (ACEs) can be inherited by child objects. |
| SI_OBJECT_INFO |
Used to initialize the access control editor. |
| SID |
Used to uniquely identify users or groups. |
| SID_AND_ATTRIBUTES |
Represents a security identifier (SID) and its attributes. |
| SID_AND_ATTRIBUTES_HASH |
Specifies a hash values for the specified array of security identifiers (SIDs) |
| SID_IDENTIFIER_AUTHORITY |
Represents the top-level authority of a security identifier (SID). |
| SID_INFO |
Contains the list of common names corresponding to the SID structures returned by ISecurityInformation2::LookupSids. |
| SID_INFO_LIST |
Contains a list of SID_INFO structures. |
| SYSTEM_ALARM_ACE |
The SYSTEM_ALARM_ACE structure is reserved for future use. |
| SYSTEM_ALARM_CALLBACK_ACE |
The SYSTEM_ALARM_CALLBACK_ACE structure is reserved for future use. |
| SYSTEM_ALARM_CALLBACK_OBJECT_ACE |
The SYSTEM_ALARM_CALLBACK_OBJECT_ACE structure is reserved for future use. |
| SYSTEM_ALARM_OBJECT_ACE |
The SYSTEM_ALARM_OBJECT_ACE structure is reserved for future use. |
| SYSTEM_AUDIT_ACE |
Defines an access control entry (ACE) for the system access control list (SACL) that specifies what types of access cause system-level notifications. |
| SYSTEM_AUDIT_CALLBACK_ACE |
The SYSTEM_AUDIT_CALLBACK_ACE structure defines an access control entry for the system access control list that specifies what types of access cause system-level notifications. |
| SYSTEM_AUDIT_CALLBACK_OBJECT_ACE |
The SYSTEM_AUDIT_CALLBACK_OBJECT_ACE structure defines an access control entry for a system access control list. |
| SYSTEM_AUDIT_OBJECT_ACE |
Defines an access control entry (ACE) for a system access control list (SACL). |
| SYSTEM_MANDATORY_LABEL_ACE |
Defines an access control entry (ACE) for the system access control list (SACL) that specifies the mandatory access level and policy for a securable object. |
| SYSTEM_RESOURCE_ATTRIBUTE_ACE |
Defines an access control entry (ACE) for the system access control list (SACL) that specifies the system resource attributes for a securable object. |
| SYSTEM_SCOPED_POLICY_ID_ACE |
Defines an access control entry (ACE) for the system access control list (SACL) that specifies the scoped policy identifier for a securable object. |
| TOKEN_ACCESS_INFORMATION |
Specifies all the information in a token that is necessary to perform an access check. |
| TOKEN_APPCONTAINER_INFORMATION |
Specifies all the information in a token that is necessary for an app container. |
| TOKEN_AUDIT_POLICY |
Specifies the per user audit policy for a token. |
| TOKEN_CONTROL |
Contains information that identifies an access token. |
| TOKEN_DEFAULT_DACL |
Specifies a discretionary access control list (DACL). |
| TOKEN_DEVICE_CLAIMS |
Defines the device claims for the token. |
| TOKEN_ELEVATION |
Indicates whether a token has elevated privileges. |
| TOKEN_GROUPS |
Contains information about the group security identifiers (SIDs) in an access token. |
| TOKEN_GROUPS_AND_PRIVILEGES |
Contains information about the group security identifiers (SIDs) and privileges in an access token. |
| TOKEN_LINKED_TOKEN |
Contains a handle to a token. This token is linked to the token being queried by the GetTokenInformation function or set by the SetTokenInformation function. |
| TOKEN_MANDATORY_LABEL |
Specifies the mandatory integrity level for a token. |
| TOKEN_MANDATORY_POLICY |
Specifies the mandatory integrity policy for a token. |
| TOKEN_ORIGIN |
Contains information about the origin of the logon session. |
| TOKEN_OWNER |
Contains the default owner security identifier (SID) that will be applied to newly created objects. |
| TOKEN_PRIMARY_GROUP |
Specifies a group security identifier (SID) for an access token. |
| TOKEN_PRIVILEGES |
Contains information about a set of privileges for an access token. |
| TOKEN_SOURCE |
Identifies the source of an access token. |
| TOKEN_STATISTICS |
Contains information about an access token. |
| TOKEN_USER |
Identifies the user associated with an access token. |
| TOKEN_USER_CLAIMS |
Defines the user claims for the token. |
| TRUSTEE |
Identifies the user account, group account, or logon session to which an access control entry (ACE) applies. |
Authorization structures are categorized according to usage as follows:
- Basic Access Control Structures
- Access Control Editor Structures
- Client/Server Access Control Structures
Basic Access Control Structures
The following structures are used with access control.
- ACCESS_ALLOWED_ACE
- ACCESS_ALLOWED_CALLBACK_ACE
- ACCESS_ALLOWED_CALLBACK_OBJECT_ACE
- ACCESS_ALLOWED_OBJECT_ACE
- ACCESS_DENIED_ACE
- ACCESS_DENIED_CALLBACK_ACE
- ACCESS_DENIED_CALLBACK_OBJECT_ACE
- ACCESS_DENIED_OBJECT_ACE
- ACE
- ACE_HEADER
- ACL
- ACL_REVISION_INFORMATION
- ACL_SIZE_INFORMATION
- EXPLICIT_ACCESS
- LUID
- LUID_AND_ATTRIBUTES
- OBJECTS_AND_NAME
- OBJECTS_AND_SID
- SECURITY_ATTRIBUTES
- SECURITY_DESCRIPTOR
- SID
- SID_AND_ATTRIBUTES
- SID_IDENTIFIER_AUTHORITY
- SYSTEM_ALARM_ACE
- SYSTEM_ALARM_CALLBACK_ACE
- SYSTEM_ALARM_CALLBACK_OBJECT_ACE
- SYSTEM_ALARM_OBJECT_ACE
- SYSTEM_AUDIT_ACE
- SYSTEM_AUDIT_CALLBACK_ACE
- SYSTEM_AUDIT_CALLBACK_OBJECT_ACE
- SYSTEM_AUDIT_OBJECT_ACE
- SYSTEM_MANDATORY_LABEL_ACE
- TOKEN_CONTROL
- TOKEN_DEFAULT_DACL
- TOKEN_GROUPS
- TOKEN_GROUPS_AND_PRIVILEGES
- TOKEN_ORIGIN
- TOKEN_OWNER
- TOKEN_PRIMARY_GROUP
- TOKEN_PRIVILEGES
- TOKEN_SOURCE
- TOKEN_STATISTICS
- TOKEN_USER
- TRUSTEE
Access Control Editor Structures
The following structures are used with the access control editor.
Client/Server Access Control Structures
The following structures implement client/server access control functionality.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for