| dacl of <security descriptor> |
Returns the discretionary access control list (DACL) that identifies the users and groups who are allowed or denied access to the specified security descriptor.
Summary: This is a <Plain> Creation Method that creates a <discretionary access control list> type.
Type:
<discretionary access control list>
The <discretionary access control list> Inspectors retrieve information from the access control list that is monitored by the owner of the object and specifies what kinds of access particular users or groups can have to the specified object.
Type Derivation: This object type is derived from the <access control list> type.
Click for other Inspectors using <discretionary access control list>.
Derived From:
<access control list>
An Access Control List, or ACL, is a list of security protections that applies to an object. An object can be a file, process, event, or anything else having a security descriptor. An entry in an access control list (ACL) is an access control entry (ACE). These Inspectors work by exposing the GetEffectiveRightsFromAcl method, as explained at the MSDN site.
• Note: Requires Windows XP, Windows 2000 Professional, or Windows NT Workstation 3.1 and later.
Caution: These Windows Inspectors utilize the GetEffectiveRightsFromAcl API, which may introduce extra network load, particularly when looking up permissions of users and groups that do not exist or have complex relationships.
Note also:
The ACCESS_MASK is returned from the effective access mode as a double word defining standard, specific, and generic rights. These rights are used in access control entries (ACEs) and are the primary means of determining access to an object.
| Bits | Meaning |
| 0 through 15 | Specific rights. Contains the access mask specific to the object type associated with the mask. |
| 16 through 23 | Contains the object's standard access rights. |
| 24 | The Access system security bit is used to indicate access to a system access control list (SACL). If this flag is set in the access mask of an audit access ACE (successful or unsuccessful access), the SACL access will be audited. |
| 25 | Maximum allowed. |
| 26 through 27 | Reserved. |
| 28 | Generic all. |
| 29 | Generic execute. |
| 30 | Generic write. |
| 31 | Generic read. |
| Bit | Flag | Meaning |
| 16 | DELETE | Delete access. |
| 17 | READ_CONTROL | Read access to the owner, group, and discretionary access control list (DACL) of the security descriptor. |
| 18 | WRITE_DAC | Write access to the DACL. |
| 19 | WRITE_OWNER | Write access to owner. |
| 20 | SYNCHRONIZE | Synchronize access. |
Click for other Inspectors using <access control list>.
Minimum version(s) supported: Win 7.1, Ubu .