INFO: Owners Have Special Access to Their Objects
Article ID: 130543
Article Last Modified on 7/11/2005
APPLIES TO
- Microsoft Platform Software Development Kit-January 2000 Edition, when used with:
- Microsoft Windows NT 3.51 Service Pack 5
- Microsoft Windows 2000 Standard Edition
- Microsoft Windows XP Professional
This article was previously published under Q130543
SUMMARY
The Windows NT operating system allows the owner of an object to determine
what types of access are granted or denied for a given user. This is
referred to as Discretionary Access Control (DAC). In addition to granting
the generic read and write types of access, the owner of an object can also
grant other users the right to modify the access allowed to the object.
The access right to view the access allowed on an object is called
READ_CONTROL. This is often granted as part of a generic right. The access
right that allows someone to change the access for an object is called
WRITE_DAC.
The owner of an object can always request WRITE_DAC and READ_CONTROL access
to the object. This prevents a situation where the owner of an object can
not manipulate the object. This also allows owners of objects to restrict
their own access to the object (to guard against accidents) without having
to explicitly grant READ_CONTROL and WRITE_DAC access to their accounts.
Additional query words: 3.10 3.50 AccessCheck
Keywords: kbinfo kbapi kbkernbase kbsecurity kbacl KB130543