Parameters 

Description 

const Sids: TJwSecurityIdList 

receives a list of Sids and its Attributes to be used as new groups in the security context. (like TokenGroups in a token).
The attributes (AttributesType) must be set to SE_GROUP_ENABLED (sidaGroupOwner) or SE_GROUP_USE_FOR_DENY_ONLY (sidaGroupUseForDenyOnly); otherwise the call to a WinAPI function wil fail with INVALID_PARAMETERS (87).
Origin: http://msdn2.microsoft.com/en-us/library/aa375798.aspx

• SE_GROUP_ENABLED - adds a group to the security context. It will be treated as if the User has entered a group.
• SE_GROUP_USE_FOR_DENY_ONLY - adds a group to the security context, but this group is only used for deny check. All positive ACE for this group in a DACL are ignored. Only Deny ACEs are recognized and can turn off other positive ACEs of other groups.

 

const RestrictedSids: TJwSecurityIdList 

receives a list of Sids and its Attributes to be used as new deny only groups in the security context. (like TokenGroups in a token).
The attributes (AttributesType) must be set to SE_GROUP_ENABLED (sidaGroupOwner) or SE_GROUP_USE_FOR_DENY_ONLY (sidaGroupUseForDenyOnly); otherwise the call to a WinAPI function wil fail with INVALID_PARAMETERS (87).
Origin: http://msdn2.microsoft.com/en-us/library/aa375798.aspx

• SE_GROUP_ENABLED - (probably) the same as parameter SID and attribute SE_GROUP_USE_FOR_DENY_ONLY.
• SE_GROUP_USE_FOR_DENY_ONLY - Results alway in Access Denied. However do not rely on me - maybe somebody with internal knowledge can comment it.

 

ResourceManager 

defines a resource manager instance. Must not be nil.