Win32 API Reference

SECURITY_ATTRIBUTES Structure

The SECURITY_ATTRIBUTES structure contains information about the security of an object. It is used by various Windows functions to specify the security descriptor for a securable object.

Syntax

typedef struct _SECURITY_ATTRIBUTES {
  DWORD               nLength;
  LPVOID              lpSecurityDescriptor;
  BOOL                bInheritHandle;
} SECURITY_ATTRIBUTES, *PSECURITY_ATTRIBUTES, *LPSECURITY_ATTRIBUTES;
                

Members

nLength

The size, in bytes, of this structure. Set this member to sizeof(SECURITY_ATTRIBUTES).

lpSecurityDescriptor

A pointer to a SECURITY_DESCRIPTOR structure that specifies the object's security descriptor. If this member is NULL, the object is assigned a default security descriptor.

bInheritHandle

A boolean value that specifies whether child processes inherit the security attributes of the parent process. If this member is TRUE, child processes inherit the handle. If this member is FALSE, child processes do not inherit the handle.

Remarks

The SECURITY_ATTRIBUTES structure is used to control the access to securable objects. When creating an object, you can pass a pointer to a SECURITY_ATTRIBUTES structure to specify the security descriptor for the object and whether handles to the object can be inherited by child processes.

A SECURITY_DESCRIPTOR structure contains the security information for an object. This information includes the owner of the object, a discretionary access control list (DACL) that controls access by specific users and groups, and a system access control list (SACL) that controls auditing of access attempts.

If lpSecurityDescriptor is NULL, the object is created with a default security descriptor. The default security descriptor for an object type is defined by the system and may vary depending on the object type.

The bInheritHandle member is important when creating processes or threads. If TRUE, any handles created by the parent process after the child process is created will be inherited by the child process. If FALSE, they will not be.

See Also

• SECURITY_DESCRIPTOR
• Access Control Lists (ACLs)
• Discretionary Access Control Lists (DACLs)