Search Result

  dacl of <security descriptor>

Returns the discretionary access control list (DACL) that identifies the users and groups who are allowed or denied access to the specified security descriptor.

Summary: This is a <Plain> Creation Method that creates a <discretionary access control list> type.

Type:

<discretionary access control list>

The <discretionary access control list> Inspectors retrieve information from the access control list that is monitored by the owner of the object and specifies what kinds of access particular users or groups can have to the specified object.

Type Derivation: This object type is derived from the <access control list> type.

Click for other Inspectors using <discretionary access control list>.

Derived From:

<access control list>

An Access Control List, or ACL, is a list of security protections that applies to an object. An object can be a file, process, event, or anything else having a security descriptor. An entry in an access control list (ACL) is an access control entry (ACE). These Inspectors work by exposing the GetEffectiveRightsFromAcl method, as explained at the MSDN site.
Note: Requires Windows XP, Windows 2000 Professional, or Windows NT Workstation 3.1 and later.

Caution: These Windows Inspectors utilize the GetEffectiveRightsFromAcl API, which may introduce extra network load, particularly when looking up permissions of users and groups that do not exist or have complex relationships.

Note also:

The ACCESS_MASK is returned from the effective access mode as a double word defining standard, specific, and generic rights. These rights are used in access control entries (ACEs) and are the primary means of determining access to an object.

BitsMeaning
0 through 15Specific rights. Contains the access mask specific to the object type associated with the mask.
16 through 23Contains the object's standard access rights.
24The Access system security bit is used to indicate access to a system access control list (SACL). If this flag is set in the access mask of an audit access ACE (successful or unsuccessful access), the SACL access will be audited.
25Maximum allowed.
26 through 27Reserved.
28Generic all.
29Generic execute.
30Generic write.
31Generic read.

The standard rights bits from 16 to 23 contain the object's standard access rights and can be a combination of the following predefined flags:
BitFlagMeaning
16DELETEDelete access.
17READ_CONTROLRead access to the owner, group, and discretionary access control list (DACL) of the security descriptor.
18WRITE_DACWrite access to the DACL.
19WRITE_OWNERWrite access to owner.
20SYNCHRONIZESynchronize access.

Click for other Inspectors using <access control list>.

Minimum version(s) supported: Win 7.1, Ubu .


© Copyright 2011 by IBM Corporation.
All rights reserved.