GetFileSecurityA function (winbase.h)
The GetFileSecurity function obtains specified information about the security of a file or directory. The information obtained is constrained by the caller's access rights and privileges.
The GetNamedSecurityInfo function provides functionality similar to GetFileSecurity for files as well as other types of objects.
Syntax
BOOL GetFileSecurityA(
[in] LPCSTR lpFileName,
[in] SECURITY_INFORMATION RequestedInformation,
[out, optional] PSECURITY_DESCRIPTOR pSecurityDescriptor,
[in] DWORD nLength,
[out] LPDWORD lpnLengthNeeded
);
Parameters
[in] lpFileName
A pointer to a null-terminated string that specifies the file or directory for which security information is retrieved.
[in] RequestedInformation
A SECURITY_INFORMATION value that identifies the security information being requested.
[out, optional] pSecurityDescriptor
A pointer to a buffer that receives a copy of the security descriptor of the object specified by the lpFileName parameter. The calling process must have permission to view the specified aspects of the object's security status. The SECURITY_DESCRIPTOR structure is returned in self-relative security descriptor format.
[in] nLength
Specifies the size, in bytes, of the buffer pointed to by the pSecurityDescriptor parameter.
[out] lpnLengthNeeded
A pointer to the variable that receives the number of bytes necessary to store the complete security descriptor. If the returned number of bytes is less than or equal to nLength, the entire security descriptor is returned in the output buffer; otherwise, none of the descriptor is returned.
Return value
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
Remarks
To read the owner, group, or DACL from the security descriptor for the specified file or directory, the DACL for the file or directory must grant READ_CONTROL access to the caller, or the caller must be the owner of the file or directory.
To read the SACL of a file or directory, the SE_SECURITY_NAME privilege must be enabled for the calling process.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows XP [desktop apps only] |
| Minimum supported server | Windows Server 2003 [desktop apps only] |
| Target Platform | Windows |
| Header | winbase.h (include Windows.h) |
| Library | Advapi32.lib |
| DLL | Advapi32.dll |
See also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for