The SECURITY_INFORMATION type is used to specify which portions of a security descriptor the caller would like to retrieve or set on an object.
The SECURITY_INFORMATION data type is defined in [MS-DTYP] section 2.4.7. The following declaration is an alternative definition.
This type is declared as follows:
```c
typedef unsigned long SECURITY_INFORMATION;
```
The following table defines the bits that are relevant to the Local Security Authority (Domain Policy) Remote Protocol.

| Value | Meaning |
|---|---|
| OWNER_SECURITY_INFORMATION 0x00000001 | Return the Owner portion of the security descriptor. |
| GROUP_SECURITY_INFORMATION 0x00000002 | Return the Group portion of the security descriptor. |
| DACL_SECURITY_INFORMATION 0x00000004 | Return the DACL portion of the security descriptor. |
| SACL_SECURITY_INFORMATION 0x00000008 | Return the SACL portion of the security descriptor. |

The server honors the request to set or retrieve security information only if the caller has the appropriate rights to the object.
The following table lists the SECURITY_INFORMATION bits and the corresponding user rights required of the caller requesting to query information.

| Security information access requested | Rights required of caller on server | Privileges required of caller on server |
|---|---|---|
| OWNER_SECURITY_INFORMATION | READ_CONTROL | Does not apply. |
| GROUP_SECURITY_INFORMATION | READ_CONTROL | Does not apply. |
| DACL_SECURITY_INFORMATION | READ_CONTROL | Does not apply. |
| SACL_SECURITY_INFORMATION | Does not apply. | Security privilege. |

The following table lists the SECURITY_INFORMATION bits and the corresponding user rights required of the caller requesting to set information.

| Security information access requested | Rights required of caller on server | Privileges required of caller on server |
|---|---|---|
| OWNER_SECURITY_INFORMATION | WRITE_OWNER | Take ownership privilege. Note: Either the access bit or the privilege is sufficient; the caller does not need both. |
| GROUP_SECURITY_INFORMATION | WRITE_OWNER | Take-ownership privilege. |
| DACL_SECURITY_INFORMATION | WRITE_DAC | Does not apply. |
| SACL_SECURITY_INFORMATION | Does not apply. | Security privilege. |
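
The query and set tables above, expressed as one access check in C. This is an added example, not part of the protocol specification: `si_request_allowed`, the `PRIV_*` flags and the refusal of undefined bits are assumptions, and the access-right values are the standard ACCESS_MASK constants, which this page does not list. The GROUP set row carries no "either is sufficient" note, so the sketch requires both columns for it; that reading is also an assumption.

```c
#include <stdbool.h>

typedef unsigned long SECURITY_INFORMATION;

/* Bit values from the first table on this page. */
#define OWNER_SECURITY_INFORMATION 0x00000001UL
#define GROUP_SECURITY_INFORMATION 0x00000002UL
#define DACL_SECURITY_INFORMATION  0x00000004UL
#define SACL_SECURITY_INFORMATION  0x00000008UL
#define KNOWN_SI_BITS              0x0000000FUL

/* Standard ACCESS_MASK values; not listed on this page. */
#define READ_CONTROL 0x00020000UL
#define WRITE_DAC    0x00040000UL
#define WRITE_OWNER  0x00080000UL

/* Hypothetical flags for the two privileges the tables name. */
#define PRIV_SECURITY       0x1u
#define PRIV_TAKE_OWNERSHIP 0x2u

/* Hypothetical helper: true only if every requested portion passes its row. */
bool si_request_allowed(SECURITY_INFORMATION si, bool is_set,
                        unsigned long granted, unsigned privs)
{
    if (si & ~KNOWN_SI_BITS)
        return false;                 /* assumption: undefined bits are refused */

    if (!is_set) {                    /* query table: READ_CONTROL for O/G/D */
        SECURITY_INFORMATION ogd = OWNER_SECURITY_INFORMATION |
            GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION;
        if ((si & ogd) && !(granted & READ_CONTROL))
            return false;
    } else {                          /* set table */
        bool wo = (granted & WRITE_OWNER) != 0;
        bool to = (privs & PRIV_TAKE_OWNERSHIP) != 0;
        if ((si & OWNER_SECURITY_INFORMATION) && !(wo || to))
            return false;             /* page's note: either one is sufficient */
        if ((si & GROUP_SECURITY_INFORMATION) && !(wo && to))
            return false;             /* assumption: no note, so require both */
        if ((si & DACL_SECURITY_INFORMATION) && !(granted & WRITE_DAC))
            return false;
    }
    /* SACL row is identical in both tables: privilege only, no access right. */
    if ((si & SACL_SECURITY_INFORMATION) && !(privs & PRIV_SECURITY))
        return false;
    return true;
}
```

A request that combines several bits passes only when every row it touches is satisfied, so holding WRITE_DAC alone does not admit a combined DACL and SACL set.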