SECURITY_IMPERSONATION_LEVEL
The SECURITY_IMPERSONATION_LEVEL
enumeration type contains values that specify security impersonation levels.
Security impersonation levels govern the degree to which a server process can
act on behalf of a client process.
typedef enum _SECURITY_IMPERSONATION_LEVEL { // sil
SecurityAnonymous,
SecurityIdentification,
SecurityImpersonation,
SecurityDelegation
} SECURITY_IMPERSONATION_LEVEL;
|
Value |
Meaning |
|
SecurityAnonymous |
The server
process cannot obtain identification information about the client and it
cannot impersonate the client. It is defined with no value given, and thus,
by ANSI C rules, defaults to a value of 0. |
|
SecurityIdentification |
The server
process can obtain information about the client, such as security identifiers
and privileges, but it cannot impersonate the client. This is useful for
servers that export their own objects for example, database products that export tables
and views. Using the retrieved client-security information, the server can
make access-validation decisions without being able to utilize other services
using the client s security context. |
|
SecurityImpersonation |
The server
process can impersonate the client s security context on its local system.
The server cannot impersonate the client on remote systems. |
|
SecurityDelegation |
Windows NT
security does not support this impersonation level. |
Remarks
Impersonation
is the ability of a process to take on the security attributes of another process.
See Also