SetNamedSecurityInfo

The SetNamedSecurityInfo function sets specified security information in the security descriptor of a specified object. The caller identifies the object by name.

DWORD SetNamedSecurityInfo(
  LPTSTR pObjectName,  // name of the object
  SE_OBJECT_TYPE ObjectType,
                       // type of object
  SECURITY_INFORMATION SecurityInfo, 
                       // type of security information to set
  PSID psidOwner,      // pointer to the new owner SID
  PSID psidGroup,      // pointer to the new primary group SID
  PACL pDacl,          // pointer to the new DACL
  PACL pSacl           // pointer to the new SACL
);
 

Parameters

pObjectName

Pointer to a null-terminated string that specifies the name of the object for which to set security information. This can be the name of a local or remote file or directory on a NTFS file system, Windows NT network sharename, registry key, semaphore, event, mutex, file mapping, or waitable timer.

For descriptions of the string formats for the different object types, see SE_OBJECT_TYPE.

ObjectType

Specifies a value from the SE_OBJECT_TYPE enumeration that indicates the type of object named by the pObjectName parameter.

SecurityInfo

A set of SECURITY_INFORMATION bit flags that indicate the type of security information to set. This parameter can be a combination of the following values.

Value	Meaning
OWNER_SECURITY_INFORMATION	Set the owner security identifier (SID) in the object's security descriptor. The psidOwner parameter points to the new SID.
GROUP_SECURITY_INFORMATION	Set the primary group SID in the object's security descriptor. The psidGroup parameter points to the new SID.
DACL_SECURITY_INFORMATION	Set the discretionary access-control list (DACL) in the object's security descriptor. The pDacl parameter points to the new DACL.
SACL_SECURITY_INFORMATION	Set the system access-control list (SACL) in the object's security descriptor. The pSacl parameter points to the new SACL.

psidOwner

Pointer to a SID that identifies the object's owner. The SID must be one that can be assigned as the owner SID of a security descriptor. The SecurityInfo parameter must include the OWNER_SECURITY_INFORMATION flag. The caller must have WRITE_OWNER access to the object or have the SE_TAKE_OWNERSHIP_NAME privilege enabled. This parameter can be NULL if you are not setting the owner SID.

psidGroup

Pointer to a SID that identifies the object's primary group. The SecurityInfo parameter must include the GROUP_SECURITY_INFORMATION flag. This parameter can be NULL if you are not setting the primary group SID.

pDacl

Pointer to the new DACL for the object. The SecurityInfo parameter must include the DACL_SECURITY_INFORMATION flag. The caller must have WRITE_DAC access to the object or be the object's owner. This parameter can be NULL if you are not setting the DACL.

pSacl

Pointer to the new SACL for the object. The SecurityInfo parameter must include the SACL_SECURITY_INFORMATION flag. The caller must have the SE_SECURITY_NAME privilege enabled. This parameter can be NULL if you are not setting the SACL.

Return Values

If the function succeeds, the return value is ERROR_SUCCESS.

If the function fails, the return value is a nonzero error code defined in WINERROR.H.

QuickInfo

  Windows NT: Requires version 4.0 or later.
  Windows: Unsupported.
  Windows CE: Unsupported.
  Header: Declared in aclapi.h.
  Import Library: Use advapi32.lib.
  Unicode: Implemented as Unicode and ANSI versions on Windows NT.

See Also

Windows NT 4.0 Access Control Overview, Windows NT 4.0 Access-Control Functions, ACL, GetNamedSecurityInfo, GetSecurityInfo, SE_OBJECT_TYPE, SECURITY_DESCRIPTOR, SECURITY_INFORMATION, SetSecurityInfo, SID