RtlSetDaclSecurityDescriptor function (wdm.h)
The RtlSetDaclSecurityDescriptor routine sets the DACL information of an absolute-format security descriptor, or if there is already a DACL present in the security descriptor, it is superseded.
Syntax
NTSYSAPI NTSTATUS RtlSetDaclSecurityDescriptor(
[in, out] PSECURITY_DESCRIPTOR SecurityDescriptor,
[in] BOOLEAN DaclPresent,
[in, optional] PACL Dacl,
[in, optional] BOOLEAN DaclDefaulted
);
Parameters
[in, out] SecurityDescriptor
A pointer to a SECURITY_DESCRIPTOR structure. This structure is the security descriptor to which the DACL is to be applied.
[in] DaclPresent
Whether to indicate that a DACL is present in the security descriptor. If this parameter is FALSE, RtlSetDaclSecurityDescriptor sets the SE_DACL_PRESENT control flag in the security descriptor to FALSE. In this case, the remaining optional parameters (Dacl and DaclDefaulted) are ignored. If DaclPresent is TRUE, the SE_DACL_PRESENT flag in the security descriptor is set to TRUE and the remaining optional parameters are not ignored. For more information about the SE_DACL_PRESENT flag, see SECURITY_DESCRIPTOR_CONTROL.
[in, optional] Dacl
A pointer to the DACL for the security descriptor. If this parameter is NULL, the DACL pointer in the security descriptor is set to NULL. A NULL DACL pointer unconditionally grants all access to an object and is not the same as an empty DACL. An empty DACL denies all access to an object. If Dacl is non-NULL, the ACL structure supplied by the caller is referenced by, but not copied into, the security descriptor. The caller can allocate the ACL structure from paged system memory, and can call the RtlCreateAcl routine to initialize the structure.
[in, optional] DaclDefaulted
Whether the DACL was supplied by some default mechanism, or was explicitly specified by the caller. If this parameter is TRUE, the DACL was supplied by a default mechanism. If DaclDefaulted is FALSE, the caller explicitly specified the DACL. RtlSetDaclSecurityDescriptor copies the value specified for this parameter to the SE_DACL_DEFAULTED control flag in the security descriptor. For more information about the SE_DACL_DEFAULTED flag, see SECURITY_DESCRIPTOR_CONTROL.
Return value
RtlSetDaclSecurityDescriptor can return one of the following status values.
| Return code | Description |
|---|---|
|
The call completed successfully. |
|
The revision of the security descriptor is unknown. |
|
The security descriptor is not an absolute format security descriptor. |
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Available starting with Windows 2000. |
| Target Platform | Universal |
| Header | wdm.h (include Wdm.h, Ntddk.h, Ntifs.h) |
| Library | NtosKrnl.lib |
| DLL | NtosKrnl.exe (kernel mode); Ntdll.dll (user mode) |
| IRQL | PASSIVE_LEVEL |
See also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for