The SECURITY_DESCRIPTOR structure contains the security information associated with an object. Applications use this structure to set and query an object's security status.
Applications are not to modify the SECURITY_DESCRIPTOR structure directly. For creating and manipulating a security descriptor, use the functions listed in the See Also section.
typedef PVOID PSECURITY_DESCRIPTOR;
Remarks
A security descriptor includes information that specifies the following components of an object's security:
·An owner (SID)
·A primary group (SID)
·A discretionary ACL
·A system ACL
·Qualifiers for the preceding items
Security descriptors use access-control lists (ACLs) and security identifiers (SIDs) to specify the information in this list.
A security descriptor can be in absolute or self-relative form. In self-relative form, all members of the structure are located contiguously in memory. In absolute form, the structure only contains pointers to the members.
See Also
GetSecurityDescriptorControl, GetSecurityDescriptorDacl, GetSecurityDescriptorGroup, GetSecurityDescriptorLength, GetSecurityDescriptorOwner, GetSecurityDescriptorSacl, InitializeSecurityDescriptor, IsValidSecurityDescriptor, SetSecurityDescriptorDacl, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, SetSecurityDescriptorSacl