SECURITY_DESCRIPTOR structure (winnt.h)

Article
02/22/2024

The SECURITY_DESCRIPTOR structure contains the security information associated with an object. Applications use this structure to set and query an object's security status.

Because the internal format of a security descriptor can vary, we recommend that applications not modify the SECURITY_DESCRIPTOR structure directly. For creating and manipulating a security descriptor, use the functions listed in See Also.

Syntax

typedef struct _SECURITY_DESCRIPTOR {
  BYTE                        Revision;
  BYTE                        Sbz1;
  SECURITY_DESCRIPTOR_CONTROL Control;
  PSID                        Owner;
  PSID                        Group;
  PACL                        Sacl;
  PACL                        Dacl;
} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;

Members

Revision

Sbz1

Control

Owner

Group

Sacl

Dacl

Remarks

A security descriptor includes information that specifies the following components of an object's security:

An owner security identifier (SID)
A primary group SID
A discretionary access control list (DACL)
A system access control list (SACL)
Qualifiers for the preceding items

Several functions that use the SECURITY_DESCRIPTOR structure require that this structure be aligned on a valid pointer boundary in memory. These boundaries vary depending on the type of processor used. Memory allocation functions such as malloc and LocalAlloc return properly aligned pointers.

Requirements

Requirement	Value
Minimum supported client	Windows XP [desktop apps \| UWP apps]
Minimum supported server	Windows Server 2003 [desktop apps \| UWP apps]
Header	winnt.h (include Windows.h)

Share via

SECURITY_DESCRIPTOR structure (winnt.h)

Syntax

Members

Remarks

Requirements

See also

Feedback

Additional resources