SetUserObjectSecurity

The SetUserObjectSecurity function sets the security of a user object. This can be, for example, a window or a DDE conversation.

BOOL SetUserObjectSecurity(
  HANDLE hObj,                // handle of user object
  PSECURITY_INFORMATION pSIRequested,
                              // address of security information
  PSECURITY_DESCRIPTOR pSD    // address of security descriptor
);
 

Parameters

hObj

Identifies a user object for which security information is set.

pSIRequested

Pointer to a value that indicates the components of the security descriptor to set. The value can be a combination of the following flags.

Value	Meaning
OWNER_SECURITY_INFORMATION
	Sets the object's owner security identifier (SID). The hObj handle must have WRITE_OWNER access, or the calling process must be the object's owner or have the SE_TAKE_OWNERSHIP_NAME privilege enabled.
GROUP_SECURITY_INFORMATION
	Sets the object's primary group SID. The hObj handle must have WRITE_OWNER access, or the calling process must be the object's owner.
DACL_SECURITY_INFORMATION
	Sets the object's discretionary access control list (DACL). The hObj handle must have WRITE_DAC access, or the calling process must be the object's owner.
SACL_SECURITY_INFORMATION
	Sets the object's system access control list (SACL). The hObj handle must have ACCESS_SYSTEM_SECURITY access. The proper way to get this access is to enable the SE_SECURITY_NAME privilege in the caller's current access token, open the handle for ACCESS_SYSTEM_SECURITY access, and then disable the privilege.

pSD

Pointer to a SECURITY_DESCRIPTOR structure containing the new security information.

Return Values

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks

The SetUserObjectSecurity function applies changes specified in a security descriptor to the security descriptor assigned to a user object. The object's security descriptor must be in self-relative form. If necessary, this function allocates additional memory to increase the size of the security descriptor.

QuickInfo

  Windows NT: Requires version 3.1 or later.
  Windows: Unsupported.
  Windows CE: Unsupported.
  Header: Declared in winuser.h.
  Import Library: Use user32.lib.

See Also

Low-Level Access-Control Overview, Low-Level Access Control Functions, GetUserObjectSecurity, SECURITY_DESCRIPTOR, SECURITY_INFORMATION, SetFileSecurity, SetKernelObjectSecurity, SetPrivateObjectSecurity