Chapter 43. What Is an Access Control List?

Access Control Lists (ACL; rhymes with “cackle”) are used in two ways in Windows security. One type of ACL is designed to gate access, and the other is designed to audit access. The structure is the same in both cases, but the semantics of how the ACL is used differ. I'll focus first on ACLs that gate access, and then discuss how ACLs used for auditing differ. If you've read my discussion of security descriptors in Item 42, you'll recognize where these two types of ACLs are found. The DACL in a security descriptor is used to gate access, whereas the SACL is used for auditing.

The basic structure of an ACL is shown in Figure 43.1. Each record in it is called an Access Control Entry, or ACE, and includes ...
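The DACL/SACL split described above, as an added example that is not from the book: it parses a security descriptor from SDDL with `RawSecurityDescriptor` and walks both lists, showing the same ACE record shape with different meaning. The SDDL string and the names `AclDemo` and `Dump` are constructed for illustration, and the code assumes Windows.

```csharp
using System;
using System.Security.AccessControl;

// Added illustration; AclDemo, Dump and the SDDL string are constructed here.
static class AclDemo
{
    // Constructed descriptor: owner and group are BUILTIN\Administrators.
    // D: (DACL) allow Administrators full file access, allow Users file read.
    // S: (SACL) audit successful and failed file writes by Everyone.
    const string Sddl = "O:BAG:BAD:(A;;FA;;;BA)(A;;FR;;;BU)S:(AU;SAFA;FW;;;WD)";

    static void Dump(string name, RawAcl acl)
    {
        if (acl == null) { Console.WriteLine($"{name}: not present"); return; }
        Console.WriteLine($"{name}: {acl.Count} ACE(s)");
        foreach (GenericAce ace in acl)
        {
            // Only the common allow/deny/audit ACE layout is decoded here.
            if (!(ace is CommonAce c)) { Console.WriteLine($"  {ace.AceType}"); continue; }
            string meaning = c.AceQualifier == AceQualifier.SystemAudit
                ? $"audit on {c.AuditFlags}"   // SACL entry: records access, never blocks it
                : c.AceQualifier.ToString();   // DACL entry: AccessAllowed or AccessDenied
            Console.WriteLine($"  {c.SecurityIdentifier} mask=0x{c.AccessMask:X8} {meaning}");
        }
    }

    static void Main()
    {
        var sd = new RawSecurityDescriptor(Sddl);
        Dump("DACL", sd.DiscretionaryAcl); // gates access
        Dump("SACL", sd.SystemAcl);        // drives auditing
    }
}
```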
