EventAccessQuery function (evntcons.h)
Retrieves the permissions for the specified controller or provider.
Syntax
ULONG EVNTAPI EventAccessQuery(
[in] LPGUID Guid,
[in, out] PSECURITY_DESCRIPTOR Buffer,
[in, out] PULONG BufferSize
);
Parameters
[in] Guid
GUID that uniquely identifies the provider or session.
[in, out] Buffer
Application-allocated buffer that will contain the security descriptor of the controller or provider.
[in, out] BufferSize
Size of the security descriptor buffer, in bytes. If the function succeeds, this parameter receives the size of the buffer used. If the buffer is too small, the function returns ERROR_MORE_DATA and this parameter receives the required buffer size. If the buffer size is zero on input, no data is returned in the buffer and this parameter receives the required buffer size.
Return value
Returns ERROR_SUCCESS if successful.
The function returns the following return code if an error occurs:
| Return code | Description |
|---|---|
|
The buffer is too small to receive the security descriptor. Reallocate the buffer using the size returned in BufferSize. |
Remarks
If the GUID does not exist in the registry, ETW returns the default permissions for a provider or controller. For details on specifying the GUID in the registry, see EventAccessControl.
For information on accessing the components of the security descriptor, see Getting Information from an ACL, the GetSecurityDescriptorDacl, GetSecurityDescriptorSacl, and GetAce functions, and the ACE structure.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows Vista [desktop apps only] |
| Minimum supported server | Windows Server 2008 [desktop apps only] |
| Target Platform | Windows |
| Header | evntcons.h |
| Library | Advapi32.lib |
| DLL | Advapi32.dll |