Düzenle

Aracılığıyla paylaş


Authorization Structures

The following structures are used with authorization applications.

In this section

Topic Description
ACCESS_ALLOWED_ACE
Defines an access control entry (ACE) for the discretionary access control list (DACL) that controls access to an object. An access-allowed ACE allows access to an object for a specific trustee identified by a security identifier (SID).
ACCESS_ALLOWED_CALLBACK_ACE
The ACCESS_ALLOWED_CALLBACK_ACE structure defines an access control entry for the discretionary access control list that controls access to an object.
ACCESS_ALLOWED_CALLBACK_OBJECT_ACE
Defines an access control entry (ACE) that controls allowed access to an object, property set, or property.
ACCESS_ALLOWED_OBJECT_ACE
Defines an access control entry (ACE) that controls allowed access to an object, a property set, or property.
ACCESS_DENIED_ACE
Defines an access control entry (ACE) for the discretionary access control list (DACL) that controls access to an object. An access-denied ACE denies access to an object for a specific trustee identified by a security identifier (SID).
ACCESS_DENIED_CALLBACK_ACE
The ACCESS_DENIED_CALLBACK_ACE structure defines an access control entry for the discretionary access control list that controls access to an object.
ACCESS_DENIED_CALLBACK_OBJECT_ACE
The ACCESS_DENIED_CALLBACK_OBJECT_ACE structure defines an access control entry that controls denied access to an object, a property set, or property.
ACCESS_DENIED_OBJECT_ACE
Defines an access control entry (ACE) that controls denied access to an object, a property set, or property.
ACE
Lists the currently defined ACE types.
ACE_HEADER
Defines the type and size of an access control entry (ACE).
ACL
Header of an access control list (ACL).
ACL_REVISION_INFORMATION
Contains revision information about an ACL structure.
ACL_SIZE_INFORMATION
Contains information about the size of an ACL structure.
AUDIT_POLICY_INFORMATION
Specifies a security event type and when to audit that type.
AUTHZ_ACCESS_REPLY
Defines an access check reply.
AUTHZ_ACCESS_REQUEST
Defines an access check request.
AUTHZ_INIT_INFO
Defines the initialization information for the resource manager.
AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET
Specifies the offset of a registration object type name.
AUTHZ_RPC_INIT_INFO_CLIENT
initializes a remote resource manager for a client.
AUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE
Specifies a fully qualified binary name value associated with a security attribute.
AUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE
Specifies an octet string value for a security attribute.
AUTHZ_SECURITY_ATTRIBUTE_V1
Defines a security attribute that can be associated with an authorization context.
AUTHZ_SECURITY_ATTRIBUTES_INFORMATION
Specifies one or more security attributes and values.
AUTHZ_SOURCE_SCHEMA_REGISTRATION
Specifies information about source schema registration.
CLAIM_SECURITY_ATTRIBUTE_FQBN_VALUE
Specifies the fully qualified binary name.
CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE
Specifies the OCTET_STRING value type of the claim security attribute.
CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1
Defines a resource attribute that is defined in continuous memory for persistence within a serialized security descriptor.
CLAIM_SECURITY_ATTRIBUTE_V1
Defines a security attribute that can be associated with a token or authorization context.
CLAIM_SECURITY_ATTRIBUTES_INFORMATION
Defines the security attributes for the claim.
EFFPERM_RESULT_LIST
Lists the effective permissions.
EXPLICIT_ACCESS
Defines access control information for a specified trustee.
GENERIC_MAPPING
Defines the mapping of generic access rights to specific and standard access rights for an object.
INHERITED_FROM
Provides information about an object's inherited access control entry (ACE).
LUID
64-bit value guaranteed to be unique only on the system on which it was generated.
LUID_AND_ATTRIBUTES
Represents a locally unique identifier (LUID) and its attributes.
OBJECT_TYPE_LIST
Identifies an object type element in a hierarchy of object types.
OBJECTS_AND_NAME
Contains a string that identifies a trustee by name and additional strings that identify the object types of an object-specific access control entry (ACE).
OBJECTS_AND_SID
Contains a security identifier (SID) that identifies a trustee and GUIDs that identify the object types of an object-specific access control entry (ACE).
POLICY_AUDIT_SID_ARRAY
Specifies an array of SID structures that represent Windows users or groups.
PRIVILEGE_SET
Specifies a set of privileges.
SECURITY_ATTRIBUTES
The SECURITY_ATTRIBUTES security structure contains the security descriptor for an object and specifies whether the handle retrieved by specifying this structure is inheritable.
SECURITY_CAPABILITIES
Defines the security capabilities of the app container.
SECURITY_DESCRIPTOR
Contains the security information associated with an object.
SECURITY_OBJECT
Contains the security object information.
SECURITY_QUALITY_OF_SERVICE
Contains information used to support client impersonation.
SI_ACCESS
Contains information about an access right or default access mask for a securable object.
SI_INHERIT_TYPE
Contains information about how access control entries (ACEs) can be inherited by child objects.
SI_OBJECT_INFO
Used to initialize the access control editor.
SID
Used to uniquely identify users or groups.
SID_AND_ATTRIBUTES
Represents a security identifier (SID) and its attributes.
SID_AND_ATTRIBUTES_HASH
Specifies a hash values for the specified array of security identifiers (SIDs)
SID_IDENTIFIER_AUTHORITY
Represents the top-level authority of a security identifier (SID).
SID_INFO
Contains the list of common names corresponding to the SID structures returned by ISecurityInformation2::LookupSids.
SID_INFO_LIST
Contains a list of SID_INFO structures.
SYSTEM_ALARM_ACE
The SYSTEM_ALARM_ACE structure is reserved for future use.
SYSTEM_ALARM_CALLBACK_ACE
The SYSTEM_ALARM_CALLBACK_ACE structure is reserved for future use.
SYSTEM_ALARM_CALLBACK_OBJECT_ACE
The SYSTEM_ALARM_CALLBACK_OBJECT_ACE structure is reserved for future use.
SYSTEM_ALARM_OBJECT_ACE
The SYSTEM_ALARM_OBJECT_ACE structure is reserved for future use.
SYSTEM_AUDIT_ACE
Defines an access control entry (ACE) for the system access control list (SACL) that specifies what types of access cause system-level notifications.
SYSTEM_AUDIT_CALLBACK_ACE
The SYSTEM_AUDIT_CALLBACK_ACE structure defines an access control entry for the system access control list that specifies what types of access cause system-level notifications.
SYSTEM_AUDIT_CALLBACK_OBJECT_ACE
The SYSTEM_AUDIT_CALLBACK_OBJECT_ACE structure defines an access control entry for a system access control list.
SYSTEM_AUDIT_OBJECT_ACE
Defines an access control entry (ACE) for a system access control list (SACL).
SYSTEM_MANDATORY_LABEL_ACE
Defines an access control entry (ACE) for the system access control list (SACL) that specifies the mandatory access level and policy for a securable object.
SYSTEM_RESOURCE_ATTRIBUTE_ACE
Defines an access control entry (ACE) for the system access control list (SACL) that specifies the system resource attributes for a securable object.
SYSTEM_SCOPED_POLICY_ID_ACE
Defines an access control entry (ACE) for the system access control list (SACL) that specifies the scoped policy identifier for a securable object.
TOKEN_ACCESS_INFORMATION
Specifies all the information in a token that is necessary to perform an access check.
TOKEN_APPCONTAINER_INFORMATION
Specifies all the information in a token that is necessary for an app container.
TOKEN_AUDIT_POLICY
Specifies the per user audit policy for a token.
TOKEN_CONTROL
Contains information that identifies an access token.
TOKEN_DEFAULT_DACL
Specifies a discretionary access control list (DACL).
TOKEN_DEVICE_CLAIMS
Defines the device claims for the token.
TOKEN_ELEVATION
Indicates whether a token has elevated privileges.
TOKEN_GROUPS
Contains information about the group security identifiers (SIDs) in an access token.
TOKEN_GROUPS_AND_PRIVILEGES
Contains information about the group security identifiers (SIDs) and privileges in an access token.
TOKEN_LINKED_TOKEN
Contains a handle to a token. This token is linked to the token being queried by the GetTokenInformation function or set by the SetTokenInformation function.
TOKEN_MANDATORY_LABEL
Specifies the mandatory integrity level for a token.
TOKEN_MANDATORY_POLICY
Specifies the mandatory integrity policy for a token.
TOKEN_ORIGIN
Contains information about the origin of the logon session.
TOKEN_OWNER
Contains the default owner security identifier (SID) that will be applied to newly created objects.
TOKEN_PRIMARY_GROUP
Specifies a group security identifier (SID) for an access token.
TOKEN_PRIVILEGES
Contains information about a set of privileges for an access token.
TOKEN_SOURCE
Identifies the source of an access token.
TOKEN_STATISTICS
Contains information about an access token.
TOKEN_USER
Identifies the user associated with an access token.
TOKEN_USER_CLAIMS
Defines the user claims for the token.
TRUSTEE
Identifies the user account, group account, or logon session to which an access control entry (ACE) applies.

Authorization structures are categorized according to usage as follows:

Basic Access Control Structures

The following structures are used with access control.

Access Control Editor Structures

The following structures are used with the access control editor.

Client/Server Access Control Structures

The following structures implement client/server access control functionality.