The SECURITY_DESCRIPTOR structure contains the security information associated with an object. Applications use this structure to set and query an object's security status.
Because the internal format of a security descriptor can vary, we recommend that applications not modify the SECURITY_DESCRIPTOR structure directly. For creating and manipulating a security descriptor, use the functions listed in See Also.
Remarks
A security descriptor includes information that specifies the following components of an object's security:
- An owner security identifier (SID)
- A primary group SID
- A discretionary access control list (DACL)
- A system access control list (SACL)
- Qualifiers for the preceding items
Several functions that use the SECURITY_DESCRIPTOR structure require that this structure be aligned on a valid pointer boundary in memory. These boundaries vary depending on the type of processor used. Memory allocation functions such as malloc and LocalAlloc return properly aligned pointers.
Requirements
Minimum supported client |
Windows XP [desktop apps | UWP apps] |
---|---|
Minimum supported server |
Windows Server 2003 [desktop apps | UWP apps] |
Header |
|
See also
- GetSecurityDescriptorControl
- GetSecurityDescriptorDacl
- GetSecurityDescriptorGroup
- GetSecurityDescriptorLength
- GetSecurityDescriptorOwner
- GetSecurityDescriptorRMControl
- GetSecurityDescriptorSacl
- InitializeSecurityDescriptor
- IsValidSecurityDescriptor
- SetSecurityDescriptorDacl
- SetSecurityDescriptorGroup
- SetSecurityDescriptorOwner
- SetSecurityDescriptorRMControl
- SetSecurityDescriptorSacl