Registrations are now open. Join us today!
There is still a lot of work to do on the wiki yet! More information about editing can be found here.
Already have an account?

Microsoft KB Archive/102098

From BetaArchive Wiki

INFO: Gaining Access to ACLs

Q102098



The information in this article applies to:


  • Microsoft Win32 Application Programming Interface (API), used with:
    • the operating system: Microsoft Windows NT, versions 3.5, 3.51, 4.0
    • the operating system: Microsoft Windows 2000





SUMMARY

To gain access to a security access control list (SACL), a process must have the SE_SECURITY_NAME privilege. When requesting access, the calling process must request ACCESS_SYSTEM_SECURITY in the desired access mask.

There is not a privilege that controls read or write access to a discretionary access control list (DACL). Instead, access to read and write an object's DACL is granted by the READ_CONTROL and WRITE_DAC access rights, respectively. These rights must be specifically granted to the user (or group containing the user) for DACL read or write access to be granted. If the owner of an object requests READ_CONTROL or WRITE_DAC, the access will always be granted.

Additional query words: 3.50

Keywords : kbAccCtrl kbAPI kbKernBase kbOSWin2000 kbSecurity kbDSupport kbGrpDSKernBase
Issue type : kbinfo
Technology : kbAudDeveloper kbWin32sSearch kbWin32API


Last Reviewed: October 27, 2000
© 2001 Microsoft Corporation. All rights reserved. Terms of Use.