Microsoft KB Archive/130543

{|
 * width="100%"|

INFO: Owners Have Special Access to Their Objects

 * }

Q130543

-

The information in this article applies to:


 * Microsoft Win32 Software Development Kit (SDK), used with:
 * the operating system: Microsoft Windows NT, versions 3.5, 3.51, 4.0
 * the operating system: Microsoft Windows 2000

-

SUMMARY
The Windows NT operating system allows the owner of an object to determine what types of access are granted or denied for a given user. This is referred to as Discretionary Access Control (DAC). In addition to granting the generic read and write types of access, the owner of an object can also grant other users the right to modify the access allowed to the object.

The access right to view the access allowed on an object is called READ_CONTROL. This is often granted as part of a generic right. The access right that allows someone to change the access for an object is called WRITE_DAC.

The owner of an object can always request WRITE_DAC and READ_CONTROL access to the object. This prevents a situation where the owner of an object can not manipulate the object. This also allows owners of objects to restrict their own access to the object (to guard against accidents) without having to explicitly grant READ_CONTROL and WRITE_DAC access to their accounts.

Additional query words: 3.10 3.50 AccessCheck

Keywords : kbAccCtrl kbAPI kbKernBase kbOSWin2000 kbSecurity kbDSupport kbGrpDSKernBase

Issue type : kbinfo

Technology : kbWin32SDKSearch kbAudDeveloper kbSDKSearch kbWin32sSearch