Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The following structures are used with authorization applications.
In this section
| Topic | Description |
|---|---|
| ACCESS_ALLOWED_ACE |
Defines an access control entry (ACE) for the discretionary access control list (DACL) that controls access to an object. An access-allowed ACE allows access to an object for a specific trustee identified by a security identifier (SID). |
| ACCESS_ALLOWED_CALLBACK_ACE |
The ACCESS_ALLOWED_CALLBACK_ACE structure defines an access control entry for the discretionary access control list that controls access to an object. |
| ACCESS_ALLOWED_CALLBACK_OBJECT_ACE |
Defines an access control entry (ACE) that controls allowed access to an object, property set, or property. |
| ACCESS_ALLOWED_OBJECT_ACE |
Defines an access control entry (ACE) that controls allowed access to an object, a property set, or property. |
| ACCESS_DENIED_ACE |
Defines an access control entry (ACE) for the discretionary access control list (DACL) that controls access to an object. An access-denied ACE denies access to an object for a specific trustee identified by a security identifier (SID). |
| ACCESS_DENIED_CALLBACK_ACE |
The ACCESS_DENIED_CALLBACK_ACE structure defines an access control entry for the discretionary access control list that controls access to an object. |
| ACCESS_DENIED_CALLBACK_OBJECT_ACE |
The ACCESS_DENIED_CALLBACK_OBJECT_ACE structure defines an access control entry that controls denied access to an object, a property set, or property. |
| ACCESS_DENIED_OBJECT_ACE |
Defines an access control entry (ACE) that controls denied access to an object, a property set, or property. |
| ACE |
Lists the currently defined ACE types. |
| ACE_HEADER |
Defines the type and size of an access control entry (ACE). |
| ACL |
Header of an access control list (ACL). |
| ACL_REVISION_INFORMATION |
Contains revision information about an ACL structure. |
| ACL_SIZE_INFORMATION |
Contains information about the size of an ACL structure. |
| AUDIT_POLICY_INFORMATION |
Specifies a security event type and when to audit that type. |
| AUTHZ_ACCESS_REPLY |
Defines an access check reply. |
| AUTHZ_ACCESS_REQUEST |
Defines an access check request. |
| AUTHZ_INIT_INFO |
Defines the initialization information for the resource manager. |
| AUTHZ_REGISTRATION_OBJECT_TYPE_NAME_OFFSET |
Specifies the offset of a registration object type name. |
| AUTHZ_RPC_INIT_INFO_CLIENT |
initializes a remote resource manager for a client. |
| AUTHZ_SECURITY_ATTRIBUTE_FQBN_VALUE |
Specifies a fully qualified binary name value associated with a security attribute. |
| AUTHZ_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE |
Specifies an octet string value for a security attribute. |
| AUTHZ_SECURITY_ATTRIBUTE_V1 |
Defines a security attribute that can be associated with an authorization context. |
| AUTHZ_SECURITY_ATTRIBUTES_INFORMATION |
Specifies one or more security attributes and values. |
| AUTHZ_SOURCE_SCHEMA_REGISTRATION |
Specifies information about source schema registration. |
| CLAIM_SECURITY_ATTRIBUTE_FQBN_VALUE |
Specifies the fully qualified binary name. |
| CLAIM_SECURITY_ATTRIBUTE_OCTET_STRING_VALUE |
Specifies the OCTET_STRING value type of the claim security attribute. |
| CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 |
Defines a resource attribute that is defined in continuous memory for persistence within a serialized security descriptor. |
| CLAIM_SECURITY_ATTRIBUTE_V1 |
Defines a security attribute that can be associated with a token or authorization context. |
| CLAIM_SECURITY_ATTRIBUTES_INFORMATION |
Defines the security attributes for the claim. |
| EFFPERM_RESULT_LIST |
Lists the effective permissions. |
| EXPLICIT_ACCESS |
Defines access control information for a specified trustee. |
| GENERIC_MAPPING |
Defines the mapping of generic access rights to specific and standard access rights for an object. |
| INHERITED_FROM |
Provides information about an object's inherited access control entry (ACE). |
| LUID |
64-bit value guaranteed to be unique only on the system on which it was generated. |
| LUID_AND_ATTRIBUTES |
Represents a locally unique identifier (LUID) and its attributes. |
| OBJECT_TYPE_LIST |
Identifies an object type element in a hierarchy of object types. |
| OBJECTS_AND_NAME |
Contains a string that identifies a trustee by name and additional strings that identify the object types of an object-specific access control entry (ACE). |
| OBJECTS_AND_SID |
Contains a security identifier (SID) that identifies a trustee and GUIDs that identify the object types of an object-specific access control entry (ACE). |
| POLICY_AUDIT_SID_ARRAY |
Specifies an array of SID structures that represent Windows users or groups. |
| PRIVILEGE_SET |
Specifies a set of privileges. |
| SECURITY_ATTRIBUTES |
The SECURITY_ATTRIBUTES security structure contains the security descriptor for an object and specifies whether the handle retrieved by specifying this structure is inheritable. |
| SECURITY_CAPABILITIES |
Defines the security capabilities of the app container. |
| SECURITY_DESCRIPTOR |
Contains the security information associated with an object. |
| SECURITY_OBJECT |
Contains the security object information. |
| SECURITY_QUALITY_OF_SERVICE |
Contains information used to support client impersonation. |
| SI_ACCESS |
Contains information about an access right or default access mask for a securable object. |
| SI_INHERIT_TYPE |
Contains information about how access control entries (ACEs) can be inherited by child objects. |
| SI_OBJECT_INFO |
Used to initialize the access control editor. |
| SID |
Used to uniquely identify users or groups. |
| SID_AND_ATTRIBUTES |
Represents a security identifier (SID) and its attributes. |
| SID_AND_ATTRIBUTES_HASH |
Specifies a hash values for the specified array of security identifiers (SIDs) |
| SID_IDENTIFIER_AUTHORITY |
Represents the top-level authority of a security identifier (SID). |
| SID_INFO |
Contains the list of common names corresponding to the SID structures returned by ISecurityInformation2::LookupSids. |
| SID_INFO_LIST |
Contains a list of SID_INFO structures. |
| SYSTEM_ALARM_ACE |
The SYSTEM_ALARM_ACE structure is reserved for future use. |
| SYSTEM_ALARM_CALLBACK_ACE |
The SYSTEM_ALARM_CALLBACK_ACE structure is reserved for future use. |
| SYSTEM_ALARM_CALLBACK_OBJECT_ACE |
The SYSTEM_ALARM_CALLBACK_OBJECT_ACE structure is reserved for future use. |
| SYSTEM_ALARM_OBJECT_ACE |
The SYSTEM_ALARM_OBJECT_ACE structure is reserved for future use. |
| SYSTEM_AUDIT_ACE |
Defines an access control entry (ACE) for the system access control list (SACL) that specifies what types of access cause system-level notifications. |
| SYSTEM_AUDIT_CALLBACK_ACE |
The SYSTEM_AUDIT_CALLBACK_ACE structure defines an access control entry for the system access control list that specifies what types of access cause system-level notifications. |
| SYSTEM_AUDIT_CALLBACK_OBJECT_ACE |
The SYSTEM_AUDIT_CALLBACK_OBJECT_ACE structure defines an access control entry for a system access control list. |
| SYSTEM_AUDIT_OBJECT_ACE |
Defines an access control entry (ACE) for a system access control list (SACL). |
| SYSTEM_MANDATORY_LABEL_ACE |
Defines an access control entry (ACE) for the system access control list (SACL) that specifies the mandatory access level and policy for a securable object. |
| SYSTEM_RESOURCE_ATTRIBUTE_ACE |
Defines an access control entry (ACE) for the system access control list (SACL) that specifies the system resource attributes for a securable object. |
| SYSTEM_SCOPED_POLICY_ID_ACE |
Defines an access control entry (ACE) for the system access control list (SACL) that specifies the scoped policy identifier for a securable object. |
| TOKEN_ACCESS_INFORMATION |
Specifies all the information in a token that is necessary to perform an access check. |
| TOKEN_APPCONTAINER_INFORMATION |
Specifies all the information in a token that is necessary for an app container. |
| TOKEN_AUDIT_POLICY |
Specifies the per user audit policy for a token. |
| TOKEN_CONTROL |
Contains information that identifies an access token. |
| TOKEN_DEFAULT_DACL |
Specifies a discretionary access control list (DACL). |
| TOKEN_DEVICE_CLAIMS |
Defines the device claims for the token. |
| TOKEN_ELEVATION |
Indicates whether a token has elevated privileges. |
| TOKEN_GROUPS |
Contains information about the group security identifiers (SIDs) in an access token. |
| TOKEN_GROUPS_AND_PRIVILEGES |
Contains information about the group security identifiers (SIDs) and privileges in an access token. |
| TOKEN_LINKED_TOKEN |
Contains a handle to a token. This token is linked to the token being queried by the GetTokenInformation function or set by the SetTokenInformation function. |
| TOKEN_MANDATORY_LABEL |
Specifies the mandatory integrity level for a token. |
| TOKEN_MANDATORY_POLICY |
Specifies the mandatory integrity policy for a token. |
| TOKEN_ORIGIN |
Contains information about the origin of the logon session. |
| TOKEN_OWNER |
Contains the default owner security identifier (SID) that will be applied to newly created objects. |
| TOKEN_PRIMARY_GROUP |
Specifies a group security identifier (SID) for an access token. |
| TOKEN_PRIVILEGES |
Contains information about a set of privileges for an access token. |
| TOKEN_SOURCE |
Identifies the source of an access token. |
| TOKEN_STATISTICS |
Contains information about an access token. |
| TOKEN_USER |
Identifies the user associated with an access token. |
| TOKEN_USER_CLAIMS |
Defines the user claims for the token. |
| TRUSTEE |
Identifies the user account, group account, or logon session to which an access control entry (ACE) applies. |
Authorization structures are categorized according to usage as follows:
- Basic Access Control Structures
- Access Control Editor Structures
- Client/Server Access Control Structures
Basic Access Control Structures
The following structures are used with access control.
- ACCESS_ALLOWED_ACE
- ACCESS_ALLOWED_CALLBACK_ACE
- ACCESS_ALLOWED_CALLBACK_OBJECT_ACE
- ACCESS_ALLOWED_OBJECT_ACE
- ACCESS_DENIED_ACE
- ACCESS_DENIED_CALLBACK_ACE
- ACCESS_DENIED_CALLBACK_OBJECT_ACE
- ACCESS_DENIED_OBJECT_ACE
- ACE
- ACE_HEADER
- ACL
- ACL_REVISION_INFORMATION
- ACL_SIZE_INFORMATION
- EXPLICIT_ACCESS
- LUID
- LUID_AND_ATTRIBUTES
- OBJECTS_AND_NAME
- OBJECTS_AND_SID
- SECURITY_ATTRIBUTES
- SECURITY_DESCRIPTOR
- SID
- SID_AND_ATTRIBUTES
- SID_IDENTIFIER_AUTHORITY
- SYSTEM_ALARM_ACE
- SYSTEM_ALARM_CALLBACK_ACE
- SYSTEM_ALARM_CALLBACK_OBJECT_ACE
- SYSTEM_ALARM_OBJECT_ACE
- SYSTEM_AUDIT_ACE
- SYSTEM_AUDIT_CALLBACK_ACE
- SYSTEM_AUDIT_CALLBACK_OBJECT_ACE
- SYSTEM_AUDIT_OBJECT_ACE
- SYSTEM_MANDATORY_LABEL_ACE
- TOKEN_CONTROL
- TOKEN_DEFAULT_DACL
- TOKEN_GROUPS
- TOKEN_GROUPS_AND_PRIVILEGES
- TOKEN_ORIGIN
- TOKEN_OWNER
- TOKEN_PRIMARY_GROUP
- TOKEN_PRIVILEGES
- TOKEN_SOURCE
- TOKEN_STATISTICS
- TOKEN_USER
- TRUSTEE
Access Control Editor Structures
The following structures are used with the access control editor.
Client/Server Access Control Structures
The following structures implement client/server access control functionality.