ObjectSecurity.SetSecurityDescriptorBinaryForm Method
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Sets the security descriptor for this ObjectSecurity object from the specified binary data.
Overloads
| SetSecurityDescriptorBinaryForm(Byte[]) |
Sets the security descriptor for this ObjectSecurity object from the specified array of byte values. |
| SetSecurityDescriptorBinaryForm(Byte[], AccessControlSections) |
Sets the specified sections of the security descriptor for this ObjectSecurity object from the specified array of byte values. |
Remarks
If the security descriptor represented by the binary data contains null for its discretionary access control list (DACL), a single access control entry (ACE) that allows everyone full access (AEFA) is added to the DACL. If an application modifies the DACL of a security descriptor to which an AEFA ACE has been added, the AEFA ACE is persisted with the DACL when that DACL is persisted.
This can result in an application unintentionally allowing access to principals. Because of this, an application should check for the existence of an AEFA ACE and remove it before modifying any security descriptor.
SetSecurityDescriptorBinaryForm(Byte[])
Sets the security descriptor for this ObjectSecurity object from the specified array of byte values.
public:
void SetSecurityDescriptorBinaryForm(cli::array <System::Byte> ^ binaryForm);public void SetSecurityDescriptorBinaryForm (byte[] binaryForm);member this.SetSecurityDescriptorBinaryForm : byte[] -> unitPublic Sub SetSecurityDescriptorBinaryForm (binaryForm As Byte())Parameters
- binaryForm
- Byte[]
The array of bytes from which to set the security descriptor.
Remarks
If the security descriptor represented by the binary data contains null for its discretionary access control list (DACL), a single access control entry (ACE) that allows everyone full access (AEFA) is added to the DACL. If an application modifies the DACL of a security descriptor to which an AEFA ACE has been added, the AEFA ACE is persisted with the DACL when that DACL is persisted.
This can result in an application unintentionally allowing access to principals. Because of this, an application should check for the existence of an AEFA ACE and remove it before modifying any security descriptor.
Applies to
SetSecurityDescriptorBinaryForm(Byte[], AccessControlSections)
Sets the specified sections of the security descriptor for this ObjectSecurity object from the specified array of byte values.
public:
void SetSecurityDescriptorBinaryForm(cli::array <System::Byte> ^ binaryForm, System::Security::AccessControl::AccessControlSections includeSections);public void SetSecurityDescriptorBinaryForm (byte[] binaryForm, System.Security.AccessControl.AccessControlSections includeSections);member this.SetSecurityDescriptorBinaryForm : byte[] * System.Security.AccessControl.AccessControlSections -> unitPublic Sub SetSecurityDescriptorBinaryForm (binaryForm As Byte(), includeSections As AccessControlSections)Parameters
- binaryForm
- Byte[]
The array of bytes from which to set the security descriptor.
- includeSections
- AccessControlSections
The sections (access rules, audit rules, owner, primary group) of the security descriptor to set.
Remarks
If the security descriptor represented by the binary data contains null for its discretionary access control list (DACL), a single access control entry (ACE) that allows everyone full access (AEFA) is added to the DACL. If an application modifies the DACL of a security descriptor to which an AEFA ACE has been added, the AEFA ACE is persisted with the DACL when that DACL is persisted.
This can result in an application unintentionally allowing access to principals. Because of this, an application should check for the existence of an AEFA ACE and remove it before modifying any security descriptor.
