SetPrivateObjectSecurity  1TBTG3P 

The SetPrivateObjectSecurity function modifies a private object s security descriptor.

BOOL SetPrivateObjectSecurity(

Parameters

SecurityInformation

Specifies a SECURITY_INFORMATION1IEJNC4 structure identifying the contents of the security descriptor pointed to by the ModificationDescriptor parameter.

ModificationDescriptor

Points to a SECURITY_DESCRIPTOR188MR8K structure to be applied to the object.

ObjectsSecurityDescriptor

Points to a pointer to a SECURITY_DESCRIPTOR structure to be altered by this function. This security descriptor must be in self-relative form.

GenericMapping

Points to a GENERIC_MAPPINGIL_UXB structure specifying the mapping of generic to specific and standard access types for the object.

Token

Identifies the access token for the client on whose behalf the private object s security is being modified. This parameter is required to ensure that the client has provided a legitimate value for a new owner security identifier (SID). The token must be open for TOKEN_QUERY access.

Return Values

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError11C2VS7.

Remarks

The object s security descriptor must be in self-relative form.

If necessary, the SetPrivateObjectSecurity function allocates additional memory to produce a larger security descriptor.

The SetPrivateObjectSecurity function is successful only if the following conditions are met:

    If the object s owner is being set, the calling process must have either WRITE_OWNER permission or be the object s owner.

    If the object s discretionary access-control list (ACL) is being set, the calling process must have either WRITE_DAC permission or be the object s owner.

    If the object s system ACL is being set, the SE_SECURITY_NAME privilege must be enabled for the calling process.

The process calling this function must not be impersonating a client.

See Also