SI_OBJECT_INFO structure (aclui.h)

The SI_OBJECT_INFO structure is used by the ISecurityInformation::GetObjectInformation method to specify information used to initialize the access control editor.

Syntax

typedef struct _SI_OBJECT_INFO {
  DWORD     dwFlags;
  HINSTANCE hInstance;
  LPWSTR    pszServerName;
  LPWSTR    pszObjectName;
  LPWSTR    pszPageTitle;
  GUID      guidObjectType;
} SI_OBJECT_INFO, *PSI_OBJECT_INFO;

Members

dwFlags

A set of bit flags that determine the editing options available to the user. This member can be a combination of the following values.

Value	Meaning
SI_ADVANCED 0x00000010L	If this flag is set, the Advanced button is displayed on the basic security property page. If the user clicks this button, the system displays an advanced security property sheet that enables advanced editing of the discretionary access control list (DACL) of the object. Combine this flag with the SI_EDIT_AUDITS, SI_EDIT_OWNER, and SI_EDIT_PROPERTIES flags to enable editing of the object's SACL, owner, and object-specific access control entries (ACEs).
SI_AUDITS_ELEVATION_REQUIRED 0x02000000L	If this flag is set, a shield is displayed on the Edit button of the advanced Auditing pages. For NTFS objects, this flag is requested when the user does not have READ_CONTROL or ACCESS_SYSTEM_SECURITY access. Windows Server 2003 and Windows XP:  This flag is not supported.
SI_CONTAINER 0x00000004L	Indicates that the object is a container. If this flag is set, the access control editor enables the controls relevant to the inheritance of permissions onto child objects.
SI_DISABLE_DENY_ACE 0x80000000L	If this flag is set, the system disables denying an ACE. Clients of the access control editor must implement the ISecurityInformation4 interface to set this flag. Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:  This flag is not supported.
SI_EDIT_ALL	Combines the SI_EDIT_PERMS, SI_EDIT_OWNER, and SI_EDIT_AUDITS flags.
SI_EDIT_AUDITS 0x00000002L	If this flag is set and the user clicks the Advanced button, the system displays an advanced security property sheet that includes an Auditing property page for editing the object's SACL. To display the Advanced button, set the SI_ADVANCED flag.
SI_EDIT_EFFECTIVE 0x00020000L	If this flag is set, the Effective Permissions page is displayed. This flag is ignored if the ISecurityInformation object that initialized the access control editor does not implement the IEffectivePermission interface.
SI_EDIT_OWNER 0x00000001L	If this flag is set and the user clicks the Advanced button, the system displays an advanced security property sheet that includes an Owner property page for changing the object's owner. To display the Advanced button, set the SI_ADVANCED flag.
SI_EDIT_PERMS 0x00000000L	This is the default value. The basic security property page always displays the controls for basic editing of the object's DACL. To disable these controls, set the SI_READONLY flag.
SI_EDIT_PROPERTIES 0x00000080L	If this flag is set, the system enables controls for editing ACEs that apply to the object's property sets and properties. These controls are available only on the property sheet displayed when the user clicks the Advanced button.
SI_ENABLE_CENTRAL_POLICY 0x40000000L	If this flag is set, the system enables editing attributes. Clients of the access control editor must implement the ISecurityInformation4 interface to set this flag. Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:  This flag is not supported.
SI_ENABLE_EDIT_ATTRIBUTE_CONDITION 0x20000000L	If this flag is set, the system enables editing attributes. Clients of the access control editor must implement the ISecurityInformation4 interface to set this flag. Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:  This flag is not supported.
SI_MAY_WRITE 0x10000000L	Indicates that the access control editor cannot read the DACL but might be able to write to the DACL. If a call to the ISecurityInformation::GetSecurity method returns AccessDenied, the user can try to add a new ACE, and a more appropriate warning is displayed.
SI_NO_ACL_PROTECT 0x00000200L	If this flag is set, the access control editor hides the check box that allows inheritable ACEs to propagate from the parent object to this object. If this flag is not set, the check box is visible. The check box is clear if the SE_DACL_PROTECTED flag is set in the object's security descriptor. In this case, the object's DACL is protected from being modified by inheritable ACEs. If the user clears the check box, any inherited ACEs in the security descriptor are deleted or converted to noninherited ACEs. Before proceeding with this conversion, the system displays a warning message box to confirm the change.
SI_NO_ADDITIONAL_PERMISSION 0x00200000L	If this flag is set, the access control editor hides the Special Permissions tab on the Advanced Security Settings page.
SI_NO_TREE_APPLY 0x00000400L	If this flag is set, the access control editor hides the check box that controls the NO_PROPAGATE_INHERIT_ACE flag. This flag is relevant only when the SI_ADVANCED flag is also set.
SI_OBJECT_GUID 0x00010000L	When set, indicates that the guidObjectType member of the SI_OBJECT_INFO structure is valid. This is set in comparisons with object-specific ACEs in determining whether the ACE applies to the current object.
SI_OWNER_ELEVATION_REQUIRED 0x04000000L	If this flag is set, a shield is displayed on the Edit button of the advanced Owner page. For NTFS objects, this flag is requested when the user does not have WRITE_OWNER access. This flag is valid only if the owner page is requested. Windows Server 2003 and Windows XP:  This flag is not supported.
SI_OWNER_READONLY 0x00000040L	If this flag is set, the user cannot change the owner of the object. Set this flag if SI_EDIT_OWNER is set but the user does not have permission to change the owner.
SI_OWNER_RECURSE 0x00000100L	Combine this flag with SI_CONTAINER to display a check box on the owner page that indicates whether the user intends the new owner to be applied to all child objects as well as the current object. The access control editor does not perform the recursion; the recursion should be performed by the application in ISecurityInformation::SetSecurity.
SI_PAGE_TITLE 0x00000800L	If this flag is set, the pszPageTitle member is used as the title of the basic security property page. Otherwise, a default title is used.
SI_PERMS_ELEVATION_REQUIRED 0x01000000L	If this flag is set, an image of a shield is displayed on the Edit button of the simple and advanced Permissions pages. For NTFS objects, this flag is requested when the user does not have READ_CONTROL or WRITE_DAC access. Windows Server 2003 and Windows XP:  This flag is not supported.
SI_READONLY 0x00000008L	If this flag is set, the editor displays the object's security information, but the controls for editing the information are disabled. This flag cannot be combined with the SI_VIEW_ONLY flag.
SI_RESET 0x00000020L	If this flag is set, the Default button is displayed. If the user clicks this button, the access control editor calls the ISecurityInformation::GetSecurity method to retrieve an application-defined default security descriptor. The access control editor uses this security descriptor to reinitialize the property sheet, and the user is allowed to apply the change or cancel.
SI_RESET_DACL 0x00040000L	When set, this flag displays the Reset Defaults button on the Permissions page.
SI_RESET_DACL_TREE 0x00004000L	When set, this flag displays the Reset permissions on all child objects and enable propagation of inheritable permissions check box in the Permissions page of the Access Control Settings window. If this check box is selected when the user clicks the Apply button, a bitwise-OR operation is performed on the SecurityInformation parameter of ISecurityInformation::SetSecurity with SI_RESET_DACL_TREE. This function does not reset the permissions and enable propagation of inheritable permissions; the implementation of ISecurityInformation must do this.
SI_RESET_OWNER 0x00100000L	When set, this flag displays the Reset Defaults button on the Owner page.
SI_RESET_SACL 0x00080000L	When set, this flag displays the Reset Defaults button on the Auditing page.
SI_RESET_SACL_TREE 0x00008000L	When set, this flag displays the Reset auditing entries on all child objects and enables propagation of the inheritable auditing entries check box in the Auditing page of the Access Control Settings window. If this check box is selected when the user clicks the Apply button, a bitwise-OR operation is performed on the SecurityInformation parameter of ISecurityInformation::SetSecurity with SI_RESET_SACL_TREE. This function does not reset the permissions and enable propagation of inheritable permissions; the implementation of ISecurityInformation must do this.
SI_SCOPE_ELEVATION_REQUIRED 0x08000000L	If this flag is set, an image of a shield is displayed on the Change button of the Scope attribute. For NTFS objects, this flag is requested when the user does not have READ_CONTROL or WRITE_DAC access. Clients of the access control editor must implement the ISecurityInformation4 interface to set this flag. Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:  This flag is not supported.
SI_SERVER_IS_DC 0x00001000L	Set this flag if the pszServerName computer is known to be a domain controller. If this flag is set, the domain name is included in the scope list of the Add Users and Groups dialog box. Otherwise, the pszServerName computer is used to determine the scope list of the dialog box.
SI_VIEW_ONLY 0x00400000L	This flag is set by the access control editor client to display read-only versions of the access control editor dialog boxes. These versions of the dialog boxes do not allow editing of the associated object's permissions. Clients of the access control editor must implement the ISecurityInformation3 interface to set this flag. This flag cannot be combined with the SI_READONLY flag. Windows Server 2003 and Windows XP:  This flag is not supported.

hInstance

Identifies a module that contains string resources to be used in the property sheet. The ISecurityInformation::GetAccessRights and ISecurityInformation::GetInheritTypes methods can specify string resource identifiers for display names.

pszServerName

A pointer to a null-terminated, Unicode string that names the computer on which to look up account names and SIDs. This value can be NULL to specify the local computer. The access control editor does not free this pointer.

pszObjectName

A pointer to a null-terminated, Unicode string that names the object being edited. This name appears in the title of the advanced security property sheet and any error message boxes displayed by the access control editor. The access control editor does not free this pointer.

pszPageTitle

A pointer to a null-terminated, Unicode string used as the title of the basic security property page. This member is ignored unless the SI_PAGE_TITLE flag is set in dwFlags. If the page title is not provided, a default title is used. The access control editor does not free this pointer.

guidObjectType

A GUID for the object. This member is ignored unless the SI_OBJECT_GUID flag is set in dwFlags.

Requirements

Requirement	Value
Minimum supported client	Windows XP [desktop apps only]
Minimum supported server	Windows Server 2003 [desktop apps only]
Header	aclui.h

See also

ISecurityInformation

ISecurityInformation::GetAccessRights

ISecurityInformation::GetInheritTypes

ISecurityInformation::GetObjectInformation

ISecurityInformation::GetSecurity

ISecurityInformation::SetSecurity