Absolute and Self-Relative Security Descriptors
A security descriptor can be in either
absolute or
self-relative format. In absolute format, a security descriptor contains pointers to its
information, not the information itself. In self-relative format, a security
descriptor stores a
SECURITY_DESCRIPTOR structure and associated security information in a contiguous block of
memory. You can use the
MakeSelfRelativeSD and
MakeAbsoluteSD functions for converting between these two formats.
The absolute format is useful when default settings for the owner, group, and
discretionary ACL are available. In this case, you can simply call the
InitializeSecurityDescriptor function to initialize a
SECURITY_DESCRIPTOR structure and then assign pointers to preexisting components, such as SIDs
and ACLs.
In self-relative format, a security descriptor always begins with a
SECURITY_DESCRIPTOR structure, but the other components of the security descriptor can follow the
structure in any order. Instead of using memory addresses, the security
descriptor's components are identified by offsets from the beginning of the
descriptor. This format is useful when a security descriptor must be stored on disk,
transmitted by means of a communications protocol, or copied in memory.
All Win32 functions that return a security descriptor do so using the
self-relative format. Security descriptors passed back to the operating system can be
in either self-relative or absolute form, depending on the situation.
A server that copies secured objects to various media can use the
MakeSelfRelativeSD function to create a self-relative security descriptor from an absolute
security descriptor. The
MakeAbsoluteSD function can create an absolute security descriptor from a self-relative
security descriptor.
- Software for developers
-
Delphi Components
.Net Components
Software for Android Developers
- More information resources
-
MegaDetailed.Net
Unix Manual Pages
Delphi Examples
- Databases for Amazon shops developers
-
Amazon Categories Database
Browse Nodes Database
