securitybaseapi.h header

This header is used by Event Tracing. For more information, see:

  • Event Tracing securitybaseapi.h contains the following programming interfaces:

Functions

Title Description
AccessCheck Determines whether a security descriptor grants a specified set of access rights to the client identified by an access token.
AccessCheckByType Determines whether a security descriptor grants a specified set of access rights to the client identified by an access token.
AccessCheckByTypeResultList Determines whether a security descriptor grants a specified set of access rights to the client identified by an access token.
AddAccessAllowedAce Adds an access-allowed access control entry (ACE) to an access control list (ACL). The access is granted to a specified security identifier (SID).
AddAccessAllowedAceEx Adds an access-allowed access control entry (ACE) to the end of a discretionary access control list (DACL).
AddAccessAllowedObjectAce Adds an access-allowed access control entry (ACE) to the end of a discretionary access control list (DACL).
AddAccessDeniedAce Adds an access-denied access control entry (ACE) to an access control list (ACL). The access is denied to a specified security identifier (SID).
AddAccessDeniedAceEx Adds an access-denied access control entry (ACE) to the end of a discretionary access control list (DACL).
AddAccessDeniedObjectAce Adds an access-denied access control entry (ACE) to the end of a discretionary access control list (DACL). The new ACE can deny access to an object, or to a property set or property on an object.
AddAce Adds one or more access control entries (ACEs) to a specified access control list (ACL).
AddAuditAccessAce Adds a system-audit access control entry (ACE) to a system access control list (ACL). The access of a specified security identifier (SID) is audited.
AddAuditAccessAceEx Adds a system-audit access control entry (ACE) to the end of a system access control list (SACL).
AddAuditAccessObjectAce Adds a system-audit access control entry (ACE) to the end of a system access control list (SACL).
AddMandatoryAce Adds a SYSTEM_MANDATORY_LABEL_ACE access control entry (ACE) to the specified system access control list (SACL).
AddResourceAttributeAce Adds a SYSTEM_RESOURCE_ATTRIBUTE_ACEaccess control entry (ACE) to the end of a system access control list (SACL).
AddScopedPolicyIDAce Adds a SYSTEM_SCOPED_POLICY_ID_ACEaccess control entry (ACE) to the end of a system access control list (SACL).
AdjustTokenGroups Enables or disables groups already present in the specified access token. Access to TOKEN_ADJUST_GROUPS is required to enable or disable groups in an access token.
AdjustTokenPrivileges Enables or disables privileges in the specified access token. Enabling or disabling privileges in an access token requires TOKEN_ADJUST_PRIVILEGES access.
AllocateAndInitializeSid Allocates and initializes a security identifier (SID) with up to eight subauthorities.
AllocateLocallyUniqueId Allocates a locally unique identifier (LUID).
AreAllAccessesGranted Checks whether a set of requested access rights has been granted. The access rights are represented as bit flags in an access mask.
AreAnyAccessesGranted Tests whether any of a set of requested access rights has been granted. The access rights are represented as bit flags in an access mask.
CheckTokenCapability Checks the capabilities of a given token.
CheckTokenMembership Determines whether a specified security identifier (SID) is enabled in an access token.
CheckTokenMembershipEx Determines whether the specified SID is enabled in the specified token.
ConvertToAutoInheritPrivateObjectSecurity Converts a security descriptor and its access control lists (ACLs) to a format that supports automatic propagation of inheritable access control entries (ACEs).
CopySid Copies a security identifier (SID) to a buffer.
CreatePrivateObjectSecurity Allocates and initializes a self-relative security descriptor for a new private object. A protected server calls this function when it creates a new private object.
CreatePrivateObjectSecurityEx Allocates and initializes a self-relative security descriptor for a new private object created by the resource manager calling this function.
CreatePrivateObjectSecurityWithMultipleInheritance Allocates and initializes a self-relative security descriptor for a new private object created by the resource manager calling this function.
CreateRestrictedToken Creates a new access token that is a restricted version of an existing access token. The restricted token can have disabled security identifiers (SIDs), deleted privileges, and a list of restricting SIDs.
CreateWellKnownSid Creates a SID for predefined aliases.
CveEventWrite A tracing function for publishing events when an attempted security vulnerability exploit is detected in your user-mode application.
DeleteAce Deletes an access control entry (ACE) from an access control list (ACL).
DeriveCapabilitySidsFromName This function constructs two arrays of SIDs out of a capability name. One is an array group SID with NT Authority, and the other is an array of capability SIDs with AppAuthority.
DestroyPrivateObjectSecurity Deletes a private object's security descriptor.
DuplicateToken Creates a new access token that duplicates one already in existence.
DuplicateTokenEx Creates a new access token that duplicates an existing token. This function can create either a primary token or an impersonation token.
EqualDomainSid Determines whether two SIDs are from the same domain.
EqualPrefixSid Tests two security-identifier (SID) prefix values for equality. A SID prefix is the entire SID except for the last subauthority value.
EqualSid Tests two security identifier (SID) values for equality. Two SIDs must match exactly to be considered equal.
FindFirstFreeAce Retrieves a pointer to the first free byte in an access control list (ACL).
FreeSid Frees a security identifier (SID) previously allocated by using the AllocateAndInitializeSid function.
GetAce Obtains a pointer to an access control entry (ACE) in an access control list (ACL).
GetAclInformation Retrieves information about an access control list (ACL).
GetKernelObjectSecurity Retrieves a copy of the security descriptor that protects a kernel object.
GetLengthSid Returns the length, in bytes, of a valid security identifier (SID).
GetPrivateObjectSecurity Retrieves information from a private object's security descriptor.
GetSecurityDescriptorControl Retrieves a security descriptor control and revision information.
GetSecurityDescriptorDacl Retrieves a pointer to the discretionary access control list (DACL) in a specified security descriptor.
GetSecurityDescriptorGroup Retrieves the primary group information from a security descriptor.
GetSecurityDescriptorLength Returns the length, in bytes, of a structurally valid security descriptor. The length includes the length of all associated structures.
GetSecurityDescriptorOwner Retrieves the owner information from a security descriptor.
GetSecurityDescriptorRMControl Retrieves the resource manager control bits.
GetSecurityDescriptorSacl Retrieves a pointer to the system access control list (SACL) in a specified security descriptor.
GetSidIdentifierAuthority Returns a pointer to the SID_IDENTIFIER_AUTHORITY structure in a specified security identifier (SID).
GetSidLengthRequired Returns the length, in bytes, of the buffer required to store a SID with a specified number of subauthorities.
GetSidSubAuthority Returns a pointer to a specified subauthority in a security identifier (SID). The subauthority value is a relative identifier (RID).
GetSidSubAuthorityCount Returns a pointer to the member in a security identifier (SID) structure that contains the subauthority count.
GetTokenInformation Retrieves a specified type of information about an access token. The calling process must have appropriate access rights to obtain the information.
GetWindowsAccountDomainSid Receives a security identifier (SID) and returns a SID representing the domain of that SID.
ImpersonateAnonymousToken Enables the specified thread to impersonate the system's anonymous logon token.
ImpersonateLoggedOnUser Lets the calling thread impersonate the security context of a logged-on user. The user is represented by a token handle.
ImpersonateSelf Obtains an access token that impersonates the security context of the calling process. The token is assigned to the calling thread.
InitializeAcl Initializes a new ACL structure.
InitializeSecurityDescriptor Initializes a new security descriptor.
InitializeSid Initializes a security identifier (SID).
IsTokenRestricted Indicates whether a token contains a list of restricted security identifiers (SIDs).
IsValidAcl Validates an access control list (ACL).
IsValidSecurityDescriptor Determines whether the components of a security descriptor are valid.
IsValidSid Validates a security identifier (SID) by verifying that the revision number is within a known range, and that the number of subauthorities is less than the maximum.
IsWellKnownSid Compares a SID to a well-known SID and returns TRUE if they match.
MakeAbsoluteSD Creates a security descriptor in absolute format by using a security descriptor in self-relative format as a template.
MakeSelfRelativeSD Creates a security descriptor in self-relative format by using a security descriptor in absolute format as a template.
MapGenericMask Maps the generic access rights in an access mask to specific and standard access rights. The function applies a mapping supplied in a GENERIC_MAPPING structure.
PrivilegeCheck Determines whether a specified set of privileges are enabled in an access token.
QuerySecurityAccessMask Creates an access mask that represents the access permissions necessary to query the specified object security information.
RevertToSelf Terminates the impersonation of a client application.
SetAclInformation Sets information about an access control list (ACL).
SetKernelObjectSecurity Sets the security of a kernel object.
SetPrivateObjectSecurity Modifies a private object's security descriptor.
SetPrivateObjectSecurityEx Modifies the security descriptor of a private object maintained by the resource manager calling this function.
SetSecurityAccessMask Creates an access mask that represents the access permissions necessary to set the specified object security information.
SetSecurityDescriptorControl Sets the control bits of a security descriptor. The function can set only the control bits that relate to automatic inheritance of ACEs.
SetSecurityDescriptorDacl Sets information in a discretionary access control list (DACL). If a DACL is already present in the security descriptor, the DACL is replaced.
SetSecurityDescriptorGroup Sets the primary group information of an absolute-format security descriptor, replacing any primary group information already present in the security descriptor.
SetSecurityDescriptorOwner Sets the owner information of an absolute-format security descriptor. It replaces any owner information already present in the security descriptor.
SetSecurityDescriptorRMControl Sets the resource manager control bits in the SECURITY_DESCRIPTOR structure.
SetSecurityDescriptorSacl Sets information in a system access control list (SACL). If there is already a SACL present in the security descriptor, it is replaced.
SetTokenInformation Sets various types of information for a specified access token.