Pointer to the new `CAccessToken` object.

*sil*<br/>

Pointer to a [PROCESS_INFORMATION structure](/windows/win32/api/processthreadsapi/ns-processthreadsapi-process_information) that receives identification information about the new process.

*pStartupInfo*<br/>

*dwCreationFlags*<br/>

Specifies additional flags that control the priority class and the creation of the process. See the Win32 function [CreateProcessAsUser](/windows/desktop/api/processthreadsapi/nf-processthreadsapi-createprocessasusera) for a list of flags.

*pImpersonationLevel*<br/>

*pluid*<br/>

*pSource*<br/>

*pStatistics*<br/>

*pluid*<br/>

*pType*<br/>

If this parameter is FALSE, the access check is performed using the security context for the calling thread. If the thread is impersonating a client, this security context can be that of a client process. If this parameter is TRUE, the access check is made using the security context of the process for the calling thread.

*sil*<br/>

*RequiredPrivileges*<br/>

*pbResult*<br/>

Pointer to a value the method sets to indicate whether any or all of the specified privilege are enabled in the `CAccessToken` object.

The contents of each array correspond to each other, that is, the first element of the `CAccessMaskArray` array corresponds to the first element in the `CSidArray` array, and so on.

This method will retrieve all of the information about an individual ACE, providing more information than [CAcl::GetAclEntries](#getaclentries) alone makes available.

A `CDacl` object contains zero or more ACEs (access-control entries) that identify the users and groups who can access the object. This method adds an ACE that allows access to the `CDacl` object.

A `CDacl` object contains zero or more ACEs (access-control entries) that identify the users and groups who can access the object. This method adds an ACE that denies access to the `CDacl` object.

Specifies whether the new object can contain other objects. A value of true indicates that the new object is a container. A value of false indicates that the new object is not a container.

*GenericMapping*<br/>

Reference to the [CAccessToken](../../atl/reference/caccesstoken-class.md) object for the client process on whose behalf the object is being created.

*GenericMapping*<br/>

*ObjectType*<br/>

Pointer to a `GUID` structure that identifies the type of object associated with the current object. Set *ObjectType* to NULL if the object does not have a GUID.

Pointer to a [CSecurityDesc](../../atl/reference/csecuritydesc-class.md) object. The parts of this security descriptor indicated by the *si* parameter are applied to the object's security descriptor.

*GenericMapping*<br/>

*Token*<br/>

Reference to the [CAccessToken](../../atl/reference/caccesstoken-class.md) object for the client process on whose behalf the object is being created.

[Class Overview](../../atl/atl-class-overview.md)<br/>

[Security Global Functions](../../atl/reference/security-global-functions.md)<br/>

[CSecurityDesc Class](../../atl/reference/csecuritydesc-class.md)

|SACL_SECURITY_INFORMATION|Sets the key's system access-control list (SACL). The key must have ACCESS_SYSTEM_SECURITY access. The proper way to get this access is to enable the SE_SECURITY_NAME [privilege](/windows/desktop/secauthz/privileges) in the caller's current access token, open the handle for ACCESS_SYSTEM_SECURITY access, and then disable the privilege.|

*psd*<br/>

A `CSacl` object contains access-control entries (ACEs) that specify the types of access attempts that generate audit records in the security event log. This method adds such an ACE to the `CSacl` object.

For an introduction to the access control model in Windows, see [Access Control](/windows/desktop/SecAuthZ/access-control) in the Windows SDK.

[Security Sample](../../overview/visual-cpp-samples.md)<br/>

[SECURITY_ATTRIBUTES](/previous-versions/windows/desktop/legacy/aa379560\(v=vs.85\))<br/>

[Class Overview](../../atl/atl-class-overview.md)<br/>

[Security Global Functions](../../atl/reference/security-global-functions.md)