SECURITY_DESCRIPTOR Structure

The SECURITY_DESCRIPTOR structure contains the security information of an object. This information includes the object's owner, a Discretionary Access Control List (DACL), and a System Access Control List (SACL).

Use this structure to retrieve or set the security descriptor for securable objects.

Definition

typedef struct _SECURITY_DESCRIPTOR {
  DWORD               Revision;
  LPSTR               Owner;
  LPSTR               Group;
  PACL                Sacl;
  PACL                Dacl;
} SECURITY_DESCRIPTOR, *PSECURITY_DESCRIPTOR;

Members

• Revision: Specifies the revision level of the structure. This member must be set to SECURITY_DESCRIPTOR_REVISION or SECURITY_DESCRIPTOR_REVISION_1.
• Owner: A pointer to a null-terminated string that specifies the owner of the security descriptor. This is typically a security identifier (SID).
• Group: A pointer to a null-terminated string that specifies the primary group of the security descriptor. This is typically a security identifier (SID).
• Sacl: A pointer to an ACCESS_CONTROL_LIST structure that identifies the system access control list (SACL). The SACL specifies the types of operations that generate audit--access-entries.
• Dacl: A pointer to an ACCESS_CONTROL_LIST structure that identifies the discretionary access control list (DACL). The DACL identifies the securable object and represents the discretionary security for the object.

Remarks

A security descriptor can be created in self-relative format or absolute format. The IsValidSecurityDescriptor function can be used to determine if the security descriptor is valid.

When working with security descriptors, it is important to manage memory correctly. Functions like InitializeSecurityDescriptor, SetSecurityDescriptorOwner, SetSecurityDescriptorDacl, and FreeSid are commonly used.

Related Structures

• ACL
• ACE
• SID

Related Functions

See Also

Access Control, Security Descriptors