SECURITY_IMPERSONATION_LEVEL - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers
// wdm.h

typedef enum _SECURITY_IMPERSONATION_LEVEL {
  SecurityAnonymous,
  SecurityIdentification,
  SecurityImpersonation,
  SecurityDelegation
} SECURITY_IMPERSONATION_LEVEL, *PSECURITY_IMPERSONATION_LEVEL;

View the official Windows Driver Kit DDI reference
// wudfddi.h

typedef enum _SECURITY_IMPERSONATION_LEVEL {
  SecurityAnonymous,
  SecurityIdentification,
  SecurityImpersonation,
  SecurityDelegation
} SECURITY_IMPERSONATION_LEVEL;


NtDoc

No description available.

Windows Driver Kit DDI reference (ne-wdm-_security_impersonation_level)

_SECURITY_IMPERSONATION_LEVEL enumeration (wdm.h)

Description

The SECURITY_IMPERSONATION_LEVEL enumeration type contains values that specify security impersonation levels. Security impersonation levels govern the degree to which a server process can act on behalf of a client process.

Constants

SecurityAnonymous

The server process cannot obtain identification information about the client and it cannot impersonate the client. It is defined with no value given, and thus, by ANSI C rules, defaults to a value of zero.

SecurityIdentification

The server process can obtain information about the client, such as security identifiers and privileges, but it cannot impersonate the client. This is useful for servers that export their own objects, for example, database products that export tables and views. Using the retrieved client-security information, the server can make access-validation decisions without being able to utilize other services using the client's security context.

SecurityImpersonation

The server process can impersonate the client's security context on its local system. The server cannot impersonate the client on remote systems.

SecurityDelegation

The server process can impersonate the client's security context on remote systems.

Remarks

Impersonation is the ability of a process to take on the security attributes of another process.

Be aware of the following macros, which are defined in terms of these values:

#define DEFAULT_IMPERSONATION_LEVEL SecurityImpersonation
#define SECURITY_MAX_IMPERSONATION_LEVEL SecurityDelegation
#define SECURITY_MIN_IMPERSONATION_LEVEL SecurityAnonymous
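
The following is an added example, not code from NtDoc or the Windows Driver Kit: a portable C model of the level check a server makes before acting for a client, using the ordering of the enumeration and the MIN/MAX macros above. SERVER_ACTION, GATE_RESULT, required_level and gate are hypothetical names, and the enum is reproduced from this page so the code builds without wdm.h.

```c
#include <stdio.h>

/* Enum and macros reproduced from this page so the example builds without
   the WDK; real driver code gets them from wdm.h. */
typedef enum _SECURITY_IMPERSONATION_LEVEL {
  SecurityAnonymous,
  SecurityIdentification,
  SecurityImpersonation,
  SecurityDelegation
} SECURITY_IMPERSONATION_LEVEL;
#define SECURITY_MAX_IMPERSONATION_LEVEL SecurityDelegation
#define SECURITY_MIN_IMPERSONATION_LEVEL SecurityAnonymous

/* Hypothetical action names: what the server wants to do for the client. */
typedef enum { ActQueryIdentity, ActImpersonateLocal, ActImpersonateRemote } SERVER_ACTION;

/* Hypothetical result codes for this example (not NTSTATUS values). */
typedef enum { GateAllow, GateBadLevel, GateInvalid } GATE_RESULT;

/* Lowest level that permits each action, per the constant descriptions. */
static SECURITY_IMPERSONATION_LEVEL required_level(SERVER_ACTION action) {
  switch (action) {
  case ActQueryIdentity:    return SecurityIdentification;
  case ActImpersonateLocal: return SecurityImpersonation;
  default:                  return SecurityDelegation; /* remote, or unknown action */
  }
}

/* raw_level is an untrusted integer, e.g. a field read from a request.
   Out-of-range values are rejected rather than clamped. A zero-filled field
   reads as SecurityAnonymous (value 0): valid, but it permits nothing. */
GATE_RESULT gate(long raw_level, SERVER_ACTION action) {
  if (raw_level < SECURITY_MIN_IMPERSONATION_LEVEL ||
      raw_level > SECURITY_MAX_IMPERSONATION_LEVEL)
    return GateInvalid;
  /* The enum is ordered, so one comparison covers all weaker levels. */
  return (SECURITY_IMPERSONATION_LEVEL)raw_level >= required_level(action)
             ? GateAllow : GateBadLevel;
}

int main(void) {
  static const char *names[] = {"Anonymous", "Identification", "Impersonation", "Delegation"};
  for (long lvl = -1; lvl <= 4; lvl++)   /* -1 and 4 are deliberately invalid */
    printf("%-14s identify=%d local=%d remote=%d\n",
           (lvl >= 0 && lvl <= 3) ? names[lvl] : "(invalid)",
           gate(lvl, ActQueryIdentity) == GateAllow,
           gate(lvl, ActImpersonateLocal) == GateAllow,
           gate(lvl, ActImpersonateRemote) == GateAllow);
  return 0;
}
```
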

See also

LUID

LUID_AND_ATTRIBUTES

PRIVILEGE_SET

PsImpersonateClient

PsReferenceImpersonationToken

SECURITY_SUBJECT_CONTEXT

SID_AND_ATTRIBUTES

SeAccessCheck

SeQueryInformationToken

ZwQueryInformationToken


Windows Driver Kit DDI reference (ne-wudfddi-_security_impersonation_level)

_SECURITY_IMPERSONATION_LEVEL enumeration (wudfddi.h)

Description

[Applies to UMDF only]

The SECURITY_IMPERSONATION_LEVEL enumeration contains values that identify security impersonation levels.

Constants

SecurityAnonymous

The driver cannot impersonate or identify the client.

SecurityIdentification

The driver can obtain the identity and privileges of the client but cannot impersonate the client.

SecurityImpersonation

The driver can impersonate the client's security context on the local system.

SecurityDelegation

The driver can impersonate the client's security context on remote systems.

Remarks

For more information about impersonation in the UMDF, see Handling Client Impersonation.

A UMDF driver supplies one of the values of SECURITY_IMPERSONATION_LEVEL to the IWDFIoRequest::Impersonate method to set the security impersonation level.

For more information about the security impersonation levels, see the SECURITY_IMPERSONATION_LEVEL enumeration type in the Microsoft Windows SDK documentation.

See also

IWDFIoRequest::Impersonate