Creates a new access control object with the specified protection type and flags.


func SecAccessControlCreateWithFlags(_ allocator: CFAllocator?, _ protection: CFTypeRef, _ flags: SecAccessControlCreateFlags, _ error: UnsafeMutablePointer<Unmanaged<CFError>?>?) -> SecAccessControl?



The allocator to use to allocate memory for the new SecAccessControl object. Pass NULL or kCFAllocatorDefault to allocate memory for the new allocator using the default allocator.


Protection class to be used for the item. Use one of the values that go with the kSecAttrAccessible attribute key, namely those listed in Accessibility Values.


Flags specifying the allowed operations for the item. See SecAccessControlCreateFlags.


On return, if an error occurred, the reference pointed at by this parameter refers to an error object that indicates the reason for failure. The caller is responsible for releasing the error object. Pass NULL for this parameter to ignore the error.

Return Value

The newly created access control object.


You use the result of this function as a value for the kSecAttrAccessControl attribute in the SecItemAdd(_:_:), SecItemUpdate(_:_:), or SecKeyGeneratePair(_:_:_:) functions.

Accessing keychain items or performing operations on keys that are protected by access control objects may block execution on the main thread. Perform these actions in the background, or use them in combination with the kSecUseAuthenticationContext and kSecUseAuthenticationUI attributes to manage user interactions.

See Also

Keychain Item Access

Sharing Access to Keychain Items Among a Collection of Apps

Enable apps to share keychain items with each other by adding the apps to an access group.

Keychain Access Groups Entitlement

The identifiers for the keychain groups that the app may share items with.

Key: keychain-access-groups
Restricting Keychain Item Accessibility

Set the conditions under which an app can access a keychain item such as a password.

struct SecAccessControlCreateFlags

Access control constants that dictate how a keychain item may be used.

class SecAccessControl

An opaque type that contains information about how a keychain item may be used.

func SecAccessControlGetTypeID() -> CFTypeID

Returns the unique identifier of the opaque type to which a keychain item access control object belongs.