authz.h header
This header is used by Security and Identity. For more information, see:
authz.h contains the following programming interfaces:
Functions
| AuthzAccessCheck Determines which access bits can be granted to a client for a given set of security descriptors. |
| AuthzAddSidsToContext Creates a copy of an existing context and appends a given set of security identifiers (SIDs) and restricted SIDs. |
| AuthzCachedAccessCheck Performs a fast access check based on a cached handle containing the static granted bits from a previous AuthzAccessCheck call. |
| AuthzEnumerateSecurityEventSources Retrieves the registered security event sources that are not installed by default. |
| AuthzFreeAuditEvent Frees the structure allocated by the AuthzInitializeObjectAccessAuditEvent function. |
| AuthzFreeCentralAccessPolicyCache Decreases the CAP cache reference count by one so that the CAP cache can be deallocated. |
| AuthzFreeContext Frees all structures and memory associated with the client context. The list of handles for a client is freed in this call. |
| AuthzFreeHandle Finds and deletes a handle from the handle list. |
| AuthzFreeResourceManager Frees a resource manager object. |
| AuthzGetInformationFromContext Returns information about an Authz context. |
| AuthzInitializeCompoundContext Creates a user-mode context from the given user and device security contexts. |
| AuthzInitializeContextFromAuthzContext Creates a new client context based on an existing client context. |
| AuthzInitializeContextFromSid Creates a user-mode client context from a user security identifier (SID). |
| AuthzInitializeContextFromToken Initializes a client authorization context from a kernel token. The kernel token must have been opened for TOKEN_QUERY. |
| AuthzInitializeObjectAccessAuditEvent Initializes auditing for an object. |
| AuthzInitializeObjectAccessAuditEvent2 Allocates and initializes an AUTHZ_AUDIT_EVENT_HANDLE handle for use with the AuthzAccessCheck function. |
| AuthzInitializeRemoteResourceManager Allocates and initializes a remote resource manager. The caller can use the resulting handle to make RPC calls to a remote instance of the resource manager configured on a server. |
| AuthzInitializeResourceManager Uses Authz to verify that clients have access to various resources. |
| AuthzInitializeResourceManagerEx Allocates and initializes a resource manager structure. |
| AuthzInstallSecurityEventSource Installs the specified source as a security event source. |
| AuthzModifyClaims Adds, deletes, or modifies user and device claims in the Authz client context. |
| AuthzModifySecurityAttributes Modifies the security attribute information in the specified client context. |
| AuthzModifySids Adds, deletes, or modifies user and device groups in the Authz client context. |
| AuthzOpenObjectAudit Reads the system access control list (SACL) of the specified security descriptor and generates any appropriate audits specified by that SACL. |
| AuthzRegisterCapChangeNotification Registers a CAP update notification callback. |
| AuthzRegisterSecurityEventSource Registers a security event source with the Local Security Authority (LSA). |
| AuthzReportSecurityEvent Generates a security audit for a registered security event source. |
| AuthzReportSecurityEventFromParams Generates a security audit for a registered security event source by using the specified array of audit parameters. |
| AuthzSetAppContainerInformation Sets the app container and capability information in a current Authz context. |
| AuthzUninstallSecurityEventSource Removes the specified source from the list of valid security event sources. |
| AuthzUnregisterCapChangeNotification Removes a previously registered CAP update notification callback. |
| AuthzUnregisterSecurityEventSource Unregisters a security event source with the Local Security Authority (LSA). |
Structures
| AUTHZ_ACCESS_REPLY Defines an access check reply. |
| AUTHZ_ACCESS_REQUEST Defines an access check request. |
| AUTHZ_INIT_INFO Defines the initialization information for the resource manager. |
| AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET Specifies the offset of a registration object type name. |
| AUTHZ_RPC_INIT_INFO_CLIENT Initializes a remote resource manager for a client. |
| AUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE Specifies a fully qualified binary name value associated with a security attribute. |
| AUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE Specifies an octet string value for a security attribute. |
| AUTHZ_SECURITY_ATTRIBUTE_V1 Defines a security attribute that can be associated with an authorization context. |
| AUTHZ_SECURITY_ATTRIBUTES_INFORMATION Specifies one or more security attributes and values. |
| AUTHZ_SOURCE_SCHEMA_REGISTRATION Specifies information about source schema registration. |
Enumerations
| AUTHZ_CONTEXT_INFORMATION_CLASS Specifies the type of information to be retrieved from an existing AuthzClientContext. This enumeration is used by the AuthzGetInformationFromContext function. |
| AUTHZ_SECURITY_ATTRIBUTE_OPERATION Indicates the type of modification to be made to security attributes by a call to the AuthzModifySecurityAttributes function. |
| AUTHZ_SID_OPERATION Indicates the type of SID operations that can be made by a call to the AuthzModifySids function. |
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for