authz.h header

This header is used by Security and Identity. For more information, see:

authz.h contains the following programming interfaces:


Title Description
AuthzAccessCheck Determines which access bits can be granted to a client for a given set of security descriptors.
AuthzAddSidsToContext Creates a copy of an existing context and appends a given set of security identifiers (SIDs) and restricted SIDs.
AuthzCachedAccessCheck Performs a fast access check based on a cached handle containing the static granted bits from a previous AuthzAccessCheck call.
AuthzEnumerateSecurityEventSources Retrieves the registered security event sources that are not installed by default.
AuthzFreeAuditEvent Frees the structure allocated by the AuthzInitializeObjectAccessAuditEvent function.
AuthzFreeCentralAccessPolicyCache Decreases the CAP cache reference count by one so that the CAP cache can be deallocated.
AuthzFreeContext Frees all structures and memory associated with the client context. The list of handles for a client is freed in this call.
AuthzFreeHandle Finds and deletes a handle from the handle list.
AuthzFreeResourceManager Frees a resource manager object.
AuthzGetInformationFromContext Returns information about an Authz context.
AuthzInitializeCompoundContext Creates a user-mode context from the given user and device security contexts.
AuthzInitializeContextFromAuthzContext Creates a new client context based on an existing client context.
AuthzInitializeContextFromSid Creates a user-mode client context from a user security identifier (SID).
AuthzInitializeContextFromToken Initializes a client authorization context from a kernel token. The kernel token must have been opened for TOKEN_QUERY.
AuthzInitializeObjectAccessAuditEvent Initializes auditing for an object.
AuthzInitializeObjectAccessAuditEvent2 Allocates and initializes an AUTHZ_AUDIT_EVENT_HANDLE handle for use with the AuthzAccessCheck function.
AuthzInitializeRemoteResourceManager Allocates and initializes a remote resource manager. The caller can use the resulting handle to make RPC calls to a remote instance of the resource manager configured on a server.
AuthzInitializeResourceManager Uses Authz to verify that clients have access to various resources.
AuthzInitializeResourceManagerEx Allocates and initializes a resource manager structure.
AuthzInstallSecurityEventSource Installs the specified source as a security event source.
AuthzModifyClaims Adds, deletes, or modifies user and device claims in the Authz client context.
AuthzModifySecurityAttributes Modifies the security attribute information in the specified client context.
AuthzModifySids Adds, deletes, or modifies user and device groups in the Authz client context.
AuthzOpenObjectAudit Reads the system access control list (SACL) of the specified security descriptor and generates any appropriate audits specified by that SACL.
AuthzRegisterCapChangeNotification Registers a CAP update notification callback.
AuthzRegisterSecurityEventSource Registers a security event source with the Local Security Authority (LSA).
AuthzReportSecurityEvent Generates a security audit for a registered security event source.
AuthzReportSecurityEventFromParams Generates a security audit for a registered security event source by using the specified array of audit parameters.
AuthzSetAppContainerInformation Sets the app container and capability information in a current Authz context.
AuthzUninstallSecurityEventSource Removes the specified source from the list of valid security event sources.
AuthzUnregisterCapChangeNotification Removes a previously registered CAP update notification callback.
AuthzUnregisterSecurityEventSource Unregisters a security event source with the Local Security Authority (LSA).


Title Description
AUTHZ_ACCESS_REPLY Defines an access check reply.
AUTHZ_ACCESS_REQUEST Defines an access check request.
AUTHZ_INIT_INFO Defines the initialization information for the resource manager.
AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET Specifies the offset of a registration object type name.
AUTHZ_RPC_INIT_INFO_CLIENT Initializes a remote resource manager for a client.
AUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE Specifies a fully qualified binary name value associated with a security attribute.
AUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE Specifies an octet string value for a security attribute.
AUTHZ_SECURITY_ATTRIBUTE_V1 Defines a security attribute that can be associated with an authorization context.
AUTHZ_SECURITY_ATTRIBUTES_INFORMATION Specifies one or more security attributes and values.
AUTHZ_SOURCE_SCHEMA_REGISTRATION Specifies information about source schema registration.


Title Description
AUTHZ_CONTEXT_INFORMATION_CLASS Specifies the type of information to be retrieved from an existing AuthzClientContext. This enumeration is used by the AuthzGetInformationFromContext function.
AUTHZ_SECURITY_ATTRIBUTE_OPERATION Indicates the type of modification to be made to security attributes by a call to the AuthzModifySecurityAttributes function.
AUTHZ_SID_OPERATION Indicates the type of SID operations that can be made by a call to the AuthzModifySids function.