please dont rip this site Prev Next

CreatePrivateObjectSecurity info  Overview  Group

The CreatePrivateObjectSecurity function allocates and initializes a self-relative security descriptor for a new protected serverís object. This function is called when a new protected server object is being created.

BOOL CreatePrivateObjectSecurity(

    PSECURITY_DESCRIPTOR ParentDescriptor,

// pointer to parent directory SD

    PSECURITY_DESCRIPTOR CreatorDescriptor,

// pointer to creator SD


// pointer to pointer to new SD

    BOOL IsDirectoryObject,

// container flag for new SD

    HANDLE Token,

// handle to clientís access token

    PGENERIC_MAPPING GenericMapping 

// pointer to access-rights structure



Points to the security descriptor for the parent directory in which a new object is being created. If there is no parent directory, this parameter can be NULL.
Points to a security descriptor provided by the creator of the object. If the objectís creator does not explicitly pass security information for the new object, this parameter is intended to be NULL.
Points to a pointer to the newly allocated security descriptor created when the function returns.
Specifies whether the new object is a container. A value of TRUE indicates the object contains other objects, such as a directory.
Identifies the access token for the client process on whose behalf the object is being created. If this is an impersonation token, it must be at SecurityIdentification level or higher. For a full description of the SecurityIdentification impersonation level, see the SECURITY_IMPERSONATION_LEVEL enumerated type

A client token is used to retrieve default security information for the new object, such as its default owner, primary group, and discretionary access-control list. The token must be open for TOKEN_QUERY access.

Points to a GENERIC_MAPPING structure that specifies the mapping from each generic right to specific rights for the object.

Return Values

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.


If a system access-control list, or SACL, is specified in the SECURITY_DESCRIPTOR specified by CreatorDescriptor, Token must have the SE_SECURITY_NAME privilege enabled, and the callerís token must have the SE_AUDIT_NAME privilege enabled. The CreatePrivateObjectSecurity function performs access/privilege checks to ensure this, and may generate audits during the process.

See Also

DestroyPrivateObjectSecurity, GENERIC_MAPPING, GetPrivateObjectSecurity, GetTokenInformation, OpenProcessToken, SECURITY_DESCRIPTOR, SECURITY_IMPERSONATION_LEVEL, SetPrivateObjectSecurity 

file: /Techref/os/win/api/win32/func/src/f10_17.htm, 5KB, , updated: 2000/4/7 12:19, local time: 2024/7/18 11:32,

 ©2024 These pages are served without commercial sponsorship. (No popup ads, etc...).Bandwidth abuse increases hosting cost forcing sponsorship or shutdown. This server aggressively defends against automated copying for any reason including offline viewing, duplication, etc... Please respect this requirement and DO NOT RIP THIS SITE. Questions?
Please DO link to this page! Digg it! / MAKE!

<A HREF=""> CreatePrivateObjectSecurity</A>

After you find an appropriate page, you are invited to your to this massmind site! (posts will be visible only to you before review) Just type a nice message (short messages are blocked as spam) in the box and press the Post button. (HTML welcomed, but not the <A tag: Instead, use the link box to link to another page. A tutorial is available Members can login to post directly, become page editors, and be credited for their posts.

Link? Put it here: 
if you want a response, please enter your email address: 
Attn spammers: All posts are reviewed before being made visible to anyone other than the poster.
Did you find what you needed?

  PICList 2024 contributors:
o List host: MIT, Site host, Top posters @none found
- Page Editors: James Newton, David Cary, and YOU!
* Roman Black of Black Robotics donates from sales of Linistep stepper controller kits.
* Ashley Roll of Digital Nemesis donates from sales of RCL-1 RS232 to TTL converters.
* Monthly Subscribers: Gregg Rew. on-going support is MOST appreciated!
* Contributors: Richard Seriani, Sr.

Welcome to!