|
Overview |
|
|
|
Group |
|
|
|
Quick Info
Windows NT
| Yes
| Win95
| No
| Win32s
| No
| Import Library
| advapi32.lib
| Header File
| winbase.h
| Unicode
| No
| Platform Notes
| None
|
|
|
SetSecurityDescriptorDacl
The
SetSecurityDescriptorDacl function sets information in a discretionary access-control list (ACL). If a
discretionary ACL is already present in the security descriptor, it is
replaced.
BOOL SetSecurityDescriptorDacl(
PSECURITY_DESCRIPTOR pSecurityDescriptor,
| // address of security descriptor
|
BOOL bDaclPresent,
| // flag for presence of discretionary ACL
|
PACL pDacl,
| // address of discretionary ACL
|
BOOL bDaclDefaulted
| // flag for default discretionary ACL
|
);
|
|
Parameters
pSecurityDescriptor
Points to the
SECURITY_DESCRIPTOR structure to which the function adds the discretionary ACL. This security
descriptor must be in absolute format, meaning that its members must be pointers
to other structures, rather than offsets to contiguous data.
bDaclPresent
Specifies a flag indicating the presence of a discretionary ACL in the
security descriptor. If this parameter is TRUE, the function sets the SE_DACL_PRESENT
flag in the
SECURITY_DESCRIPTOR_CONTROL structure and uses the values in the
pDacl and
bDaclDefaulted parameters. If it is FALSE, the function clears the SE_DACL_PRESENT flag, and
pDacl and
bDaclDefaulted are ignored.
pDacl
Points to an
ACL structure specifying the discretionary ACL for the security descriptor. If
this parameter is NULL, a NULL discretionary ACL is assigned to the security
descriptor, allowing all access to the object. The discretionary ACL is referenced
by, not copied into, the security descriptor.
bDaclDefaulted
Specifies a flag indicating the source of the discretionary ACL. If this flag
is TRUE, the discretionary ACL has been retrieved by some default mechanism. If
FALSE, the discretionary ACL has been explicitly specified by a user. The
function stores this value in the SE_DACL_DEFAULTED flag of the
SECURITY_DESCRIPTOR_CONTROL structure. If this parameter is not specified, the SE_DACL_DEFAULTED flag is
cleared.
Return Values
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error
information, call
GetLastError.
Remarks
There is an important difference between an empty and a nonexistent
discretionary ACL. When a discretionary ACL is empty, it contains no access-control
entries and no access rights have been explicitly granted. As a result, access to
the object is implicitly denied. When an object has no DACL, on the other hand,
no protection is assigned to the object, and any access request is granted.
There are three possible outcomes in different configurations of the
bDaclPresent flag and the
pDacl parameter:
- When the pDacl parameter points to a discretionary ACL and the bDaclPresent flag is TRUE, a discretionary ACL is specified and it must contain
access-allowed ACEs to allow access to the object.
- When the pDacl parameter does not point to a discretionary ACL and the bDaclPresent flag is TRUE, a NULL discretionary ACL is specified. All access is allowed.
- When the pDacl parameter does not point to a discretionary ACL and the bDaclPresent flag is FALSE, a discretionary ACL can be provided for the object through an
inheritance or default mechanism.
See Also
ACL,
GetSecurityDescriptorDacl,
InitializeSecurityDescriptor,
IsValidSecurityDescriptor,
SECURITY_DESCRIPTOR,
SECURITY_DESCRIPTOR_CONTROL,
SetSecurityDescriptorGroup,
SetSecurityDescriptorOwner,
SetSecurityDescriptorSacl
- Software for developers
-
Delphi Components
.Net Components
Software for Android Developers
- More information resources
-
MegaDetailed.Net
Unix Manual Pages
Delphi Examples
- Databases for Amazon shops developers
-
Amazon Categories Database
Browse Nodes Database
