SECURITY_DESCRIPTOR structure (ntifs.h)

The SECURITY_DESCRIPTOR structure contains the security information associated with an object. Drivers use this structure to set and query an object's security status.

Because the internal format of a security descriptor can vary, drivers must not modify the SECURITY_DESCRIPTOR structure directly. To create and manipulate a security descriptor, use the functions listed in the See Also section.

Syntax

typedef struct _SECURITY_DESCRIPTOR {
  UCHAR                       Revision;
  UCHAR                       Sbz1;
  SECURITY_DESCRIPTOR_CONTROL Control;
  PSID                        Owner;
  PSID                        Group;
  PACL                        Sacl;
  PACL                        Dacl;
} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;

Members

Revision

Specifies the revision level of the security descriptor.

Sbz1

Specifies a zero byte of padding that aligns the Revision member on a 16-bit boundary.

Control

The control information of the security descriptor. For more information, see SECURITY_DESCRIPTOR_CONTROL.

Owner

A pointer to an owner security identifier.

Note

This member might be invalid. You should use RtlGetOwnerSecurityDescriptor to get an owner security identifier.

Group

A pointer to a primary group security identifier.

Note

This member might be invalid. You should use RtlGetGroupSecurityDescriptor to get this member.

Sacl

A pointer to a system access control list (SACL).

Note

This member might be invalid. You should use RtlGetSaclSecurityDescriptor to get this member.

Dacl

A pointer to a discretionary access control list (DACL).

Note

This member might be invalid. You should use RtlGetDaclSecurityDescriptor to get this member.

Remarks

A security descriptor includes information that specifies the following components of an object's security:

  • An owner SID
  • A primary group SID
  • A discretionary ACL (DACL)
  • A system ACL (SACL)
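Why the Owner, Group, Sacl and Dacl members "might be invalid", shown as an added example that is not part of the original page: in a self-relative descriptor (SE_SELF_RELATIVE set in Control) those positions hold 32-bit byte offsets from the start of the buffer rather than pointers, and the Rtl accessor routines resolve them for you. The portable C below resolves Owner and Group from a constructed buffer with bounds checks; sd_sid, SD_OWNER, SD_GROUP, the local constant names and sample_sd are hypothetical, and a driver should call RtlGetOwnerSecurityDescriptor and RtlGetGroupSecurityDescriptor instead.

```c
#include <stddef.h>
#include <stdint.h>

#define SE_SELF_RELATIVE 0x8000u /* Control bit: members hold offsets, not pointers */
#define SD_REL_HEADER    20u     /* Revision, Sbz1, Control, then four 32-bit offsets */
#define SID_FIXED        8u      /* SID Revision, SubAuthorityCount, 6-byte authority */
#define SID_MAX_SUBAUTH  15u

enum { SD_OWNER = 4, SD_GROUP = 8 }; /* byte position of each offset in the header */

static uint32_t rd32(const uint8_t *p) /* little-endian, as stored on Windows */
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Return the SID that the Owner or Group member refers to, or NULL when the
   buffer is not a well-formed self-relative descriptor or the SID is absent. */
const uint8_t *sd_sid(const uint8_t *sd, size_t len, int member)
{
    if (len < SD_REL_HEADER || sd[0] != 1)  /* Revision must be 1 */
        return NULL;
    uint16_t control = (uint16_t)(sd[2] | sd[3] << 8);
    if (!(control & SE_SELF_RELATIVE))      /* absolute form: members are pointers */
        return NULL;
    uint32_t off = rd32(sd + member);
    if (off == 0)                           /* 0 means no owner or group is set */
        return NULL;
    if (off < SD_REL_HEADER || off > len - SID_FIXED) /* SID header must fit */
        return NULL;
    uint32_t count = sd[off + 1];           /* SubAuthorityCount */
    if (count > SID_MAX_SUBAUTH || SID_FIXED + 4u * count > len - off)
        return NULL;
    return sd + off;
}

/* Constructed sample: self-relative descriptor whose owner is S-1-5-18. */
static const uint8_t sample_sd[32] = {
    0x01, 0x00, 0x00, 0x80,               /* Revision 1, Sbz1 0, Control 0x8000 */
    0x14, 0x00, 0x00, 0x00,               /* Owner = offset 20, not an address  */
    0, 0, 0, 0,  0, 0, 0, 0,  0, 0, 0, 0, /* Group, Sacl, Dacl absent           */
    0x01, 0x01, 0, 0, 0, 0, 0, 0x05,      /* SID: revision 1, 1 sub-authority, authority 5 */
    0x12, 0x00, 0x00, 0x00                /* sub-authority 18                   */
};
```

Read as a pointer, the sample's Owner member would be the address 0x14, which is why the accessor routines exist.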

Requirements

Requirement               Value
Minimum supported client  Available starting with Microsoft Windows 2000.
Header                    ntifs.h

See also

ACL

ObGetObjectSecurity

ObReleaseObjectSecurity

RtlCreateSecurityDescriptor

RtlGetDaclSecurityDescriptor

RtlGetGroupSecurityDescriptor

RtlGetOwnerSecurityDescriptor

RtlGetSaclSecurityDescriptor

RtlLengthSecurityDescriptor

RtlSetDaclSecurityDescriptor

RtlSetGroupSecurityDescriptor

RtlSetOwnerSecurityDescriptor

RtlValidSecurityDescriptor

SECURITY_DESCRIPTOR_CONTROL

SECURITY_INFORMATION

SID

SeAccessCheck

SeAssignSecurity

SeAssignSecurityEx

SeDeassignSecurity

SeSetSecurityDescriptorInfo

SeSetSecurityDescriptorInfoEx

SeValidSecurityDescriptor

ZwQuerySecurityObject

ZwSetSecurityObject