共用方式為

2.2.1.3 SECURITY_INFORMATION

The SECURITY_INFORMATION type is used to specify which portions of a security descriptor the caller would like to retrieve or set on an object.

The SECURITY_INFORMATION data type is defined in [MS-DTYP] section 2.4.7. The following declaration is an alternative definition.

This type is declared as follows:

 typedef unsigned long SECURITY_INFORMATION;

The following table defines the bits that are relevant to the Local Security Authority (Domain Policy) Remote Protocol.

Value

Meaning

OWNER_SECURITY_INFORMATION

0x00000001

Return the Owner portion of the security descriptor.

GROUP_SECURITY_INFORMATION

0x00000002

Return the Group portion of the security descriptor.

DACL_SECURITY_INFORMATION

0x00000004

Return the DACL portion of the security descriptor.

SACL_SECURITY_INFORMATION

0x00000008

Return the SACL portion of the security descriptor.

The server honors the request to set or retrieve security information only if the caller has the appropriate rights to the object.

The following table lists the SECURITY_INFORMATION bits and the corresponding user rights required of the caller requesting to query information.

Security information access requested

Rights required of caller on server

Privileges required of caller on server

OWNER_SECURITY_INFORMATION

READ_CONTROL

Does not apply.

GROUP_SECURITY_INFORMATION

READ_CONTROL

Does not apply.

DACL_SECURITY_INFORMATION

READ_CONTROL

Does not apply.

SACL_SECURITY_INFORMATION

Does not apply.

Security privilege.

The following table lists the SECURITY_INFORMATION bits and the corresponding user rights required of the caller requesting to set information.

Security information access requested

Rights required of caller on server

Privileges required of caller on server

OWNER_SECURITY_INFORMATION

WRITE_OWNER

Take ownership privilege.

Note Either the access bit or the privilege is sufficient; the caller does not need both.

GROUP_SECURITY_INFORMATION

WRITE_OWNER

Take-ownership privilege.

DACL_SECURITY_INFORMATION

WRITE_DAC

Does not apply.

SACL_SECURITY_INFORMATION

Does not apply.

Security privilege.