The SetUserObjectSecurity function sets the security of a user object. This can be, for example, a window or a DDE conversation.
BOOL SetUserObjectSecurity(
HANDLE hObj, | // handle of user object |
PSECURITY_INFORMATION pSIRequested, | // address of security information |
PSECURITY_DESCRIPTOR pSID | // address of security descriptor |
); |
Parameters
hObj
Identifies a user object for which security information is set.
pSIRequested
Points to a SECURITY_INFORMATION structure describing the security information being set.
pSID
Points to a SECURITY_DESCRIPTOR structure containing the new security information.
Return Values
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
Remarks
The SetUserObjectSecurity function applies changes specified in a security descriptor to the security descriptor assigned to a user object. The object's security descriptor must be in self-relative form. If necessary, this function allocates additional memory to increase the size of the security descriptor.
The SetUserObjectSecurity function is successful only if the following conditions are met:
·If the object's owner is being set, the calling process must either have WRITE_OWNER permission or be the object's owner.
·If the object's discretionary access-control list (ACL) is being set, the calling process must either have WRITE_DAC permission or be the object's owner.
·If the object's system ACL is being set, the SE_SECURITY_NAME privilege must be enabled for the calling process.
See Also
GetUserObjectSecurity, SECURITY_DESCRIPTOR, SECURITY_INFORMATION, SetFileSecurity, SetKernelObjectSecurity, SetPrivateObjectSecurity