NTSTATUS SeAccessCheckByType( __in PSECURITY_DESCRIPTOR SecurityDescriptor, __in_opt PSID PrincipalSelfSid, __in HANDLE ClientToken, __in ACCESS_MASK DesiredAccess, __in_ecount_opt(ObjectTypeListLength ); Routine Description: See module abstract. Arguments: SecurityDescriptor - Supplies the security descriptor protecting the object being accessed PrincipalSelfSid - If the object being access checked is an object which represents a principal (e.g., a user object), this parameter should be the SID of the object. Any ACE containing the constant PRINCIPAL_SELF_SID is replaced by this SID. The parameter should be NULL if the object does not represent a principal. ClientToken - Supplies the handle of the user's token. DesiredAccess - Supplies the desired access mask. ObjectTypeList - Supplies a list of GUIDs representing the object (and sub-objects) being accessed. If no list is present, AccessCheckByType behaves identically to AccessCheck. ObjectTypeListLength - Specifies the number of elements in the ObjectTypeList. GenericMapping - Supplies the generic mapping associated with this object type. PrivilegeSet - A pointer to a buffer that upon return will contain any privileges that were used to perform the access validation. If no privileges were used, the buffer will contain a privilege set consisting of zero privileges. PrivilegeSetLength - The size of the PrivilegeSet buffer in bytes. GrantedAccess - Returns an access mask describing the granted access. AccessStatus - Status value that may be returned indicating the reason why access was denied. Routines should avoid hardcoding a return value of STATUS_ACCESS_DENIED so that a different value can be returned when mandatory access control is implemented. ReturnResultList - If true, GrantedAccess and AccessStatus are actually arrays of entries ObjectTypeListLength elements long. Return Value: STATUS_SUCCESS - The attempt proceeded normally. This does not mean access was granted, rather that the parameters were correct. STATUS_GENERIC_NOT_MAPPED - The DesiredAccess mask contained an unmapped generic access. STATUS_BUFFER_TOO_SMALL - The passed buffer was not large enough to contain the information being returned. STATUS_NO_IMPERSONTAION_TOKEN - The passed Token was not an impersonation token.