NAME¶

NtAccessCheck (NTDLL.@)

SYNOPSIS¶

NTSTATUS NtAccessCheck
(
PSECURITY_DESCRIPTOR SecurityDescriptor,
HANDLE ClientToken,
ACCESS_MASK DesiredAccess,
PGENERIC_MAPPING GenericMapping,
PPRIVILEGE_SET PrivilegeSet,
PULONG ReturnLength,
PULONG GrantedAccess,
NTSTATUS* AccessStatus
)

DESCRIPTION¶

Checks that a user represented by a token is allowed to access an object represented by a security descriptor.

PARAMS¶

SecurityDescriptor [In] The security descriptor of the object to check. ClientToken [In] Token of the user accessing the object. DesiredAccess [In] The desired access to the object. GenericMapping [In] Mapping used to transform access rights in the SD to their specific forms. PrivilegeSet [In/Out] Privileges used during the access check. ReturnLength [Out] Number of bytes stored into PrivilegeSet. GrantedAccess [Out] The actual access rights granted. AccessStatus [Out] The status of the access check.

RETURNS¶

NTSTATUS code.

NOTES¶

DesiredAccess may be MAXIMUM_ALLOWED, in which case the function determines the maximum access rights allowed by the SD and returns them in GrantedAccess. The SecurityDescriptor must have a valid owner and groups present, otherwise the function will fail.

IMPLEMENTATION¶

Declared in "winternl.h". Implemented in "dlls/ntdll/sec.c". Debug channel "ntdll".