SECURITY_INFORMATION
The SECURITY_INFORMATION data type identifies the object-related security information being set or queried. This security information includes:
- The owner of an object
- The primary group of an object
- The discretionary access control list (DACL) of an object
- The system access control list (SACL) of an object
```c
typedef DWORD SECURITY_INFORMATION, *PSECURITY_INFORMATION;
```
Remarks
Some SECURITY_INFORMATION members work only with the SetNamedSecurityInfo function. Other security functions, such as GetNamedSecurityInfo or ConvertStringSecurityDescriptorToSecurityDescriptor, do not return these members in the structure they return.
Each item of security information is designated by a bit flag. Each bit flag can be one of the following values. For more information, see the SetSecurityAccessMask and QuerySecurityAccessMask functions.
Value | Right required to query | Right required to set | Meaning |
---|---|---|---|
ATTRIBUTE_SECURITY_INFORMATION | READ_CONTROL | WRITE_DAC | The resource properties of the object being referenced. The resource properties are stored in SYSTEM_RESOURCE_ATTRIBUTE_ACE types in the SACL of the security descriptor. Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This bit flag is not available. |
BACKUP_SECURITY_INFORMATION | READ_CONTROL and ACCESS_SYSTEM_SECURITY | WRITE_DAC and WRITE_OWNER and ACCESS_SYSTEM_SECURITY | All parts of the security descriptor. This is useful for backup and restore software that needs to preserve the entire security descriptor. Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This bit flag is not available. |
DACL_SECURITY_INFORMATION | READ_CONTROL | WRITE_DAC | The DACL of the object is being referenced. |
GROUP_SECURITY_INFORMATION | READ_CONTROL | WRITE_OWNER | The primary group identifier of the object is being referenced. |
LABEL_SECURITY_INFORMATION | READ_CONTROL | WRITE_OWNER | The mandatory integrity label is being referenced. The mandatory integrity label is an ACE in the SACL of the object. Windows Server 2003 and Windows XP: This bit flag is not available. |
OWNER_SECURITY_INFORMATION | READ_CONTROL | WRITE_OWNER | The owner identifier of the object is being referenced. |
PROTECTED_DACL_SECURITY_INFORMATION | Not available | WRITE_DAC | The DACL cannot inherit access control entries (ACEs). |
PROTECTED_SACL_SECURITY_INFORMATION | Not available | ACCESS_SYSTEM_SECURITY | The SACL cannot inherit ACEs. |
SACL_SECURITY_INFORMATION | ACCESS_SYSTEM_SECURITY | ACCESS_SYSTEM_SECURITY | The SACL of the object is being referenced. |
SCOPE_SECURITY_INFORMATION | READ_CONTROL | ACCESS_SYSTEM_SECURITY | The Central Access Policy (CAP) identifier applicable on the object that is being referenced. Each CAP identifier is stored in a SYSTEM_SCOPED_POLICY_ID_ACE type in the SACL of the SD. Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP: This bit flag is not available. |
UNPROTECTED_DACL_SECURITY_INFORMATION | Not available | WRITE_DAC | The DACL inherits ACEs from the parent object. |
UNPROTECTED_SACL_SECURITY_INFORMATION | Not available | ACCESS_SYSTEM_SECURITY | The SACL inherits ACEs from the parent object. |
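The table above can be turned into a least-privilege check: given the flags a caller intends to pass, compute the smallest access mask to request when opening the handle. The following is an added example, not code from this page or from the Windows SDK. The function name `required_access` is hypothetical, the numeric constants repeat the `winnt.h` values so the code builds on any platform, and only the four items from the opening list plus the four inheritance flags are covered.

```c
#include <stdint.h>
#include <stdio.h>
/* Values as in winnt.h, repeated so the example builds without the Windows SDK. */
#define OWNER_SECURITY_INFORMATION            0x00000001u
#define GROUP_SECURITY_INFORMATION            0x00000002u
#define DACL_SECURITY_INFORMATION             0x00000004u
#define SACL_SECURITY_INFORMATION             0x00000008u
#define UNPROTECTED_SACL_SECURITY_INFORMATION 0x10000000u
#define UNPROTECTED_DACL_SECURITY_INFORMATION 0x20000000u
#define PROTECTED_SACL_SECURITY_INFORMATION   0x40000000u
#define PROTECTED_DACL_SECURITY_INFORMATION   0x80000000u
#define READ_CONTROL                          0x00020000u
#define WRITE_DAC                             0x00040000u
#define WRITE_OWNER                           0x00080000u
#define ACCESS_SYSTEM_SECURITY                0x01000000u

/* One row per flag: right to query (0 = "Not available" in the table), right to set. */
static const struct { uint32_t flag, query, set; } ROWS[] = {
    { OWNER_SECURITY_INFORMATION,            READ_CONTROL,           WRITE_OWNER },
    { GROUP_SECURITY_INFORMATION,            READ_CONTROL,           WRITE_OWNER },
    { DACL_SECURITY_INFORMATION,             READ_CONTROL,           WRITE_DAC },
    { SACL_SECURITY_INFORMATION,             ACCESS_SYSTEM_SECURITY, ACCESS_SYSTEM_SECURITY },
    { PROTECTED_DACL_SECURITY_INFORMATION,   0,                      WRITE_DAC },
    { PROTECTED_SACL_SECURITY_INFORMATION,   0,                      ACCESS_SYSTEM_SECURITY },
    { UNPROTECTED_DACL_SECURITY_INFORMATION, 0,                      WRITE_DAC },
    { UNPROTECTED_SACL_SECURITY_INFORMATION, 0,                      ACCESS_SYSTEM_SECURITY },
};

/* Returns the smallest access mask covering every flag in si, or 0 if the request is
   empty, uses a set-only flag in a query, or has a bit this table does not cover. */
uint32_t required_access(uint32_t si, int for_set)
{
    uint32_t mask = 0, seen = 0;
    for (size_t i = 0; i < sizeof ROWS / sizeof ROWS[0]; i++) {
        if (!(si & ROWS[i].flag)) continue;
        uint32_t r = for_set ? ROWS[i].set : ROWS[i].query;
        if (r == 0) return 0;          /* flag cannot be queried */
        mask |= r;
        seen |= ROWS[i].flag;
    }
    return seen == si ? mask : 0;      /* reject bits outside the table */
}

int main(void)
{
    uint32_t m = required_access(OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION, 1);
    printf("desired access to set owner and DACL: 0x%08x\n", (unsigned)m);
    return 0;
}
```

Uncovered bits are rejected rather than ignored so that a caller never opens a handle with fewer rights than the later call needs.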
Requirements
Requirement | Value |
---|---|
Minimum supported client | Windows XP [desktop apps only] |
Minimum supported server | Windows Server 2003 [desktop apps only] |
Header | |