The SECURITY_DESCRIPTOR structure contains the security information associated with an object. Applications use this structure to set and query an object's security status.
Because the internal format of a security descriptor can vary, we recommend that applications not modify the SECURITY_DESCRIPTOR structure directly. For creating and manipulating a security descriptor, use the functions listed in See Also.
Remarks
A security descriptor includes information that specifies the following components of an object's security:
- An owner security identifier (SID)
- A primary group SID
- A discretionary access control list (DACL)
- A system access control list (SACL)
- Qualifiers for the preceding items
Several functions that use the SECURITY_DESCRIPTOR structure require that this structure be aligned on a valid pointer boundary in memory. These boundaries vary depending on the type of processor used. Memory allocation functions such as malloc and LocalAlloc return properly aligned pointers.
Requirements
|
Minimum supported client |
Windows XP [desktop apps | UWP apps] |
|---|---|
|
Minimum supported server |
Windows Server 2003 [desktop apps | UWP apps] |
|
Header |
|
See also
- GetSecurityDescriptorControl
- GetSecurityDescriptorDacl
- GetSecurityDescriptorGroup
- GetSecurityDescriptorLength
- GetSecurityDescriptorOwner
- GetSecurityDescriptorRMControl
- GetSecurityDescriptorSacl
- InitializeSecurityDescriptor
- IsValidSecurityDescriptor
- SetSecurityDescriptorDacl
- SetSecurityDescriptorGroup
- SetSecurityDescriptorOwner
- SetSecurityDescriptorRMControl
- SetSecurityDescriptorSacl