EventAccessQuery function

Retrieves the permissions for the specified controller or provider.

Syntax

ULONG EVNTAPI EventAccessQuery(
  LPGUID               Guid,
  PSECURITY_DESCRIPTOR Buffer,
  PULONG               BufferSize
);

Parameters

Guid

GUID that uniquely identifies the provider or session.

Buffer

Application-allocated buffer that will contain the security descriptor of the controller or provider.

BufferSize

Size of the security descriptor buffer, in bytes. If the function succeeds, this parameter receives the size of the buffer used. If the buffer is too small, the function returns ERROR_MORE_DATA and this parameter receives the required buffer size. If the buffer size is zero on input, no data is returned in the buffer and this parameter receives the required buffer size.

Return Value

Returns ERROR_SUCCESS if successful.

The function returns the following return code if an error occurs:

Return code Description
ERROR_MORE_DATA
The buffer is too small to receive the security descriptor. Reallocate the buffer using the size returned in BufferSize.

Remarks

If the GUID does not exist in the registry, ETW returns the default permissions for a provider or controller. For details on specifying the GUID in the registry, see EventAccessControl.

For information on accessing the components of the security descriptor, see Getting Information from an ACL, the GetSecurityDescriptorDacl, GetSecurityDescriptorSacl, and GetAce functions, and the ACE structure.

Requirements

   
Minimum supported client Windows Vista [desktop apps only]
Minimum supported server Windows Server 2008 [desktop apps only]
Target Platform Windows
Header evntcons.h
Library Advapi32.lib
DLL Advapi32.dll

See Also

EventAccessControl

EventAccessRemove