2.4.7 SECURITY_INFORMATION

The SECURITY_INFORMATION data type identifies the object-related security information being set or queried. This security information includes:

  • The owner of an object.

  • The primary group of an object.

  • The discretionary access control list (DACL) of an object.

  • The system access control list (SACL) of an object.

An unsigned 32-bit integer specifies portions of a SECURITY_DESCRIPTOR by means of bit flags. Individual bit values (combinable with the bitwise OR operation) are as shown in the following table.

| Value | Meaning |
|---|---|
| OWNER_SECURITY_INFORMATION 0x00000001 | The owner identifier of the object is being referenced. |
| GROUP_SECURITY_INFORMATION 0x00000002 | The primary group identifier of the object is being referenced. |
| DACL_SECURITY_INFORMATION 0x00000004 | The DACL of the object is being referenced. |
| SACL_SECURITY_INFORMATION 0x00000008 | The SACL of the object is being referenced. |
| LABEL_SECURITY_INFORMATION 0x00000010 | The mandatory integrity label is being referenced. |
| UNPROTECTED_SACL_SECURITY_INFORMATION 0x10000000 | The SACL inherits access control entries (ACEs) from the parent object. |
| UNPROTECTED_DACL_SECURITY_INFORMATION 0x20000000 | The DACL inherits ACEs from the parent object. |
| PROTECTED_SACL_SECURITY_INFORMATION 0x40000000 | The SACL cannot inherit ACEs. |
| PROTECTED_DACL_SECURITY_INFORMATION 0x80000000 | The DACL cannot inherit ACEs. |
| ATTRIBUTE_SECURITY_INFORMATION 0x00000020 | A SYSTEM_RESOURCE_ATTRIBUTE_ACE (section 2.4.4.15) is being referenced. |
| SCOPE_SECURITY_INFORMATION 0x00000040 | A SYSTEM_SCOPED_POLICY_ID_ACE (section 2.4.4.16) is being referenced. |
| PROCESS_TRUST_LABEL_SECURITY_INFORMATION 0x00000080 | Reserved. |
| BACKUP_SECURITY_INFORMATION 0x00010000 | The security descriptor is being accessed for use in a backup operation. |

This type is declared as follows:

 typedef DWORD SECURITY_INFORMATION, *PSECURITY_INFORMATION;
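
The following added example (not part of the specification) decodes a SECURITY_INFORMATION value into the flag names from the table and reports masks worth a second look when reviewing logged or received requests. The function names, the shortened flag names, the finding codes and the sample value are hypothetical; treating a PROTECTED_* bit together with its UNPROTECTED_* counterpart as a conflict is an assumption of this example, not a rule stated in this section.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t SECURITY_INFORMATION; /* DWORD in the page's declaration */
/* Bit values from the table above; the short names are this example's own. */
static const struct { uint32_t bit; const char *name; } SI_FLAGS[] = {
    {0x00000001, "OWNER"}, {0x00000002, "GROUP"}, {0x00000004, "DACL"},
    {0x00000008, "SACL"}, {0x00000010, "LABEL"}, {0x00000020, "ATTRIBUTE"},
    {0x00000040, "SCOPE"}, {0x00000080, "PROCESS_TRUST_LABEL"}, {0x00010000, "BACKUP"},
    {0x10000000, "UNPROTECTED_SACL"}, {0x20000000, "UNPROTECTED_DACL"},
    {0x40000000, "PROTECTED_SACL"}, {0x80000000, "PROTECTED_DACL"},
};
#define SI_COUNT (sizeof SI_FLAGS / sizeof SI_FLAGS[0])

/* Findings returned by si_check(); hypothetical names, not from the page. */
enum { SI_UNKNOWN_BITS = 1, SI_RESERVED_BIT = 2, SI_DACL_CONFLICT = 4, SI_SACL_CONFLICT = 8 };

/* Writes "OWNER|DACL"-style text to out; returns 0, or -1 if out is too small. */
int si_decode(SECURITY_INFORMATION si, char *out, size_t cap) {
    size_t used = 0;
    if (cap == 0) return -1;
    out[0] = '\0';
    for (size_t i = 0; i < SI_COUNT; i++) {
        if (!(si & SI_FLAGS[i].bit)) continue;
        int n = snprintf(out + used, cap - used, "%s%s", used ? "|" : "", SI_FLAGS[i].name);
        if (n < 0 || (size_t)n >= cap - used) return -1;
        used += (size_t)n;
    }
    return 0;
}

/* Returns an OR of the findings above; 0 means nothing to report. */
unsigned si_check(SECURITY_INFORMATION si) {
    uint32_t known = 0;
    unsigned findings = 0;
    for (size_t i = 0; i < SI_COUNT; i++) known |= SI_FLAGS[i].bit;
    if (si & ~known) findings |= SI_UNKNOWN_BITS;     /* bit not in the table */
    if (si & 0x00000080) findings |= SI_RESERVED_BIT; /* table says "Reserved" */
    /* Assumption: "inherits" plus "cannot inherit" on one ACL is contradictory. */
    if ((si & 0xA0000000) == 0xA0000000) findings |= SI_DACL_CONFLICT;
    if ((si & 0x50000000) == 0x50000000) findings |= SI_SACL_CONFLICT;
    return findings;
}

int main(void) {
    char buf[160];
    si_decode(0xA0000104, buf, sizeof buf); /* constructed sample value */
    return printf("%s findings=0x%X\n", buf, si_check(0xA0000104)) < 0;
}
```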