SetSecurityDescriptorSacl
The SetSecurityDescriptorSacl
function sets information in a system access-control list (ACL). If there is
already a system ACL present in the security descriptor, it is replaced.
BOOL SetSecurityDescriptorSacl(
|
PSECURITY_DESCRIPTOR pSecurityDescriptor, |
// address of
security descriptor |
|
BOOL bSaclPresent, |
// flag for
presence of system ACL |
|
PACL pSacl, |
// address of
system ACL |
|
BOOL bSaclDefaulted |
// flag for default
system ACL |
|
); |
|
Parameters
pSecurityDescriptor
Points to the
SECURITY_DESCRIPTOR
structure to which the function adds the system ACL. This security descriptor
must be in absolute format, meaning that its members must be pointers to other
structures, rather than offsets to contiguous data.
bSaclPresent
Specifies a
flag indicating the presence of a system ACL in the security descriptor. If
this parameter is TRUE, the function sets the SE_SACL_PRESENT flag in the SECURITY_DESCRIPTOR_CONTROL structure and uses the
values in the pSacl and bSaclDefaulted parameters. If it is
FALSE, the function does not set the SE_SACL_PRESENT flag, and pSacl and
bSaclDefaulted are ignored.
pSacl
Points to an ACL structure that specifies
the system ACL for the security descriptor. If this parameter is NULL, a NULL
system ACL is assigned to the security descriptor. The system ACL is referenced
by, not copied into, the security descriptor.
bSaclDefaulted
Specifies a
flag indicating the source of the system ACL. If this flag is TRUE, the system
ACL has been retrieved by some default mechanism. If it is FALSE, the system
ACL has been explicitly specified by a user. The function stores this value in
the SE_SACL_DEFAULTED flag of the SECURITY_DESCRIPTOR_CONTROL structure.
If this parameter is not specified, the SE_SACL_DEFAULTED flag is cleared.
Return Values
If the
function succeeds, the return value is nonzero.
If the
function fails, the return value is zero. To get extended error information,
call GetLastError.
See Also