Edit

Share via


authz.h header

This header is used by Security and Identity. For more information, see:

authz.h contains the following programming interfaces:

Functions

 
AuthzAccessCheck

Determines which access bits can be granted to a client for a given set of security descriptors.
AuthzAddSidsToContext

Creates a copy of an existing context and appends a given set of security identifiers (SIDs) and restricted SIDs.
AuthzCachedAccessCheck

Performs a fast access check based on a cached handle containing the static granted bits from a previous AuthzAccessCheck call.
AuthzEnumerateSecurityEventSources

Retrieves the registered security event sources that are not installed by default.
AuthzFreeAuditEvent

Frees the structure allocated by the AuthzInitializeObjectAccessAuditEvent function.
AuthzFreeCentralAccessPolicyCache

Decreases the CAP cache reference count by one so that the CAP cache can be deallocated.
AuthzFreeContext

Frees all structures and memory associated with the client context. The list of handles for a client is freed in this call.
AuthzFreeHandle

Finds and deletes a handle from the handle list.
AuthzFreeResourceManager

Frees a resource manager object.
AuthzGetInformationFromContext

Returns information about an Authz context.
AuthzInitializeCompoundContext

Creates a user-mode context from the given user and device security contexts.
AuthzInitializeContextFromAuthzContext

Creates a new client context based on an existing client context.
AuthzInitializeContextFromSid

Creates a user-mode client context from a user security identifier (SID).
AuthzInitializeContextFromToken

Initializes a client authorization context from a kernel token. The kernel token must have been opened for TOKEN_QUERY.
AuthzInitializeObjectAccessAuditEvent

Initializes auditing for an object.
AuthzInitializeObjectAccessAuditEvent2

Allocates and initializes an AUTHZ_AUDIT_EVENT_HANDLE handle for use with the AuthzAccessCheck function.
AuthzInitializeRemoteResourceManager

Allocates and initializes a remote resource manager. The caller can use the resulting handle to make RPC calls to a remote instance of the resource manager configured on a server.
AuthzInitializeResourceManager

Uses Authz to verify that clients have access to various resources.
AuthzInitializeResourceManagerEx

Allocates and initializes a resource manager structure.
AuthzInstallSecurityEventSource

Installs the specified source as a security event source.
AuthzModifyClaims

Adds, deletes, or modifies user and device claims in the Authz client context.
AuthzModifySecurityAttributes

Modifies the security attribute information in the specified client context.
AuthzModifySids

Adds, deletes, or modifies user and device groups in the Authz client context.
AuthzOpenObjectAudit

Reads the system access control list (SACL) of the specified security descriptor and generates any appropriate audits specified by that SACL.
AuthzRegisterCapChangeNotification

Registers a CAP update notification callback.
AuthzRegisterSecurityEventSource

Registers a security event source with the Local Security Authority (LSA).
AuthzReportSecurityEvent

Generates a security audit for a registered security event source.
AuthzReportSecurityEventFromParams

Generates a security audit for a registered security event source by using the specified array of audit parameters.
AuthzSetAppContainerInformation

Sets the app container and capability information in a current Authz context.
AuthzUninstallSecurityEventSource

Removes the specified source from the list of valid security event sources.
AuthzUnregisterCapChangeNotification

Removes a previously registered CAP update notification callback.
AuthzUnregisterSecurityEventSource

Unregisters a security event source with the Local Security Authority (LSA).

Structures

 
AUTHZ_ACCESS_REPLY

Defines an access check reply.
AUTHZ_ACCESS_REQUEST

Defines an access check request.
AUTHZ_INIT_INFO

Defines the initialization information for the resource manager.
AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET

Specifies the offset of a registration object type name.
AUTHZ_RPC_INIT_INFO_CLIENT

Initializes a remote resource manager for a client.
AUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE

Specifies a fully qualified binary name value associated with a security attribute.
AUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE

Specifies an octet string value for a security attribute.
AUTHZ_SECURITY_ATTRIBUTE_V1

Defines a security attribute that can be associated with an authorization context.
AUTHZ_SECURITY_ATTRIBUTES_INFORMATION

Specifies one or more security attributes and values.
AUTHZ_SOURCE_SCHEMA_REGISTRATION

Specifies information about source schema registration.

Enumerations

 
AUTHZ_CONTEXT_INFORMATION_CLASS

Specifies the type of information to be retrieved from an existing AuthzClientContext. This enumeration is used by the AuthzGetInformationFromContext function.
AUTHZ_SECURITY_ATTRIBUTE_OPERATION

Indicates the type of modification to be made to security attributes by a call to the AuthzModifySecurityAttributes function.
AUTHZ_SID_OPERATION

Indicates the type of SID operations that can be made by a call to the AuthzModifySids function.