SECURITY_DESCRIPTOR structure (ntifs.h)
The SECURITY_DESCRIPTOR structure contains the security information associated with an object. Drivers use this structure to set and query an object's security status.
Because the internal format of a security descriptor can vary, drivers are not to modify the SECURITY_DESCRIPTOR structure directly. For creating and manipulating a security descriptor, use the functions listed in the See Also section.
Syntax
typedef struct _SECURITY_DESCRIPTOR {
UCHAR Revision;
UCHAR Sbz1;
SECURITY_DESCRIPTOR_CONTROL Control;
PSID Owner;
PSID Group;
PACL Sacl;
PACL Dacl;
} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
Members
Revision
Specifies the revision level of the security descriptor.
Sbz1
Specifies a zero byte of padding that aligns the Revision member on a 16-bit boundary.
Control
The control information of security descriptor. For more information, see SECURITY_DESCRIPTOR_CONTROL.
Owner
A pointer to an owner security identifier.
Note
This member might be invalid. You should use RtlGetOwnerSecurityDescriptor to get an owner security identifier.
Group
A pointer to a primary group security identifier.
Note
This member might be invalid. You should use RtlGetGroupSecurityDescriptor to get this member.
Sacl
A pointer to a system access control list (SACL).
Note
This member might be invalid. You should use RtlGetSaclSecurityDescriptor to get this member.
Dacl
A pointer to a discretionary access control list (DACL).
Note
This member might be invalid. You should use RtlGetDaclSecurityDescriptor to get this member.
Remarks
A security descriptor includes information that specifies the following components of an object's security:
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Available starting with Microsoft Windows 2000. |
| Header | ntifs.h |