Microsoft KB Archive/102098

From BetaArchive Wiki
< Microsoft KB Archive
Revision as of 20:57, 16 July 2020 by X010 (talk | contribs) (1 revision imported: importing part 2)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

INFO: Gaining Access to ACLs

Q102098



The information in this article applies to:


  • Microsoft Win32 Application Programming Interface (API), used with:
    • the operating system: Microsoft Windows NT, versions 3.5, 3.51, 4.0
    • the operating system: Microsoft Windows 2000





SUMMARY

To gain access to a security access control list (SACL), a process must have the SE_SECURITY_NAME privilege. When requesting access, the calling process must request ACCESS_SYSTEM_SECURITY in the desired access mask.

There is not a privilege that controls read or write access to a discretionary access control list (DACL). Instead, access to read and write an object's DACL is granted by the READ_CONTROL and WRITE_DAC access rights, respectively. These rights must be specifically granted to the user (or group containing the user) for DACL read or write access to be granted. If the owner of an object requests READ_CONTROL or WRITE_DAC, the access will always be granted.

Additional query words: 3.50

Keywords : kbAccCtrl kbAPI kbKernBase kbOSWin2000 kbSecurity kbDSupport kbGrpDSKernBase
Issue type : kbinfo
Technology : kbAudDeveloper kbWin32sSearch kbWin32API


Last Reviewed: October 27, 2000
© 2001 Microsoft Corporation. All rights reserved. Terms of Use.