Q102098 - INFO: Gaining Access to ACLs

INFO: Gaining Access to ACLs

Q102098

The information in this article applies to:

Microsoft Win32 Application Programming Interface (API), used with:
- the operating system: Microsoft Windows NT, versions 3.5, 3.51, 4.0
- the operating system: Microsoft Windows 2000

SUMMARY

To gain access to a security access control list (SACL), a process must have the SE_SECURITY_NAME privilege. When requesting access, the calling process must request ACCESS_SYSTEM_SECURITY in the desired access mask.

There is not a privilege that controls read or write access to a discretionary access control list (DACL). Instead, access to read and write an object's DACL is granted by the READ_CONTROL and WRITE_DAC access rights, respectively. These rights must be specifically granted to the user (or group containing the user) for DACL read or write access to be granted. If the owner of an object requests READ_CONTROL or WRITE_DAC, the access will always be granted.

Additional query words: 3.50

Keywords : kbAccCtrl kbAPI kbKernBase kbOSWin2000 kbSecurity kbDSupport kbGrpDSKernBase
Issue type : kbinfo
Technology : kbAudDeveloper kbWin32sSearch kbWin32API