Access Control Reference

The Win32 API provides three sets of functions for working with security descriptors and access-control lists (ACLs).

• Functions for Windows NT version 5.0 and later that support object-specific ACEs, directory service (DS) objects, and securable objects on systems other than Windows NT. Use these functions if you are designing your application to run on Windows NT versions 5.0 and later. These functions are described in this overview.
• Functions for Windows NT version 4.0 and later that provide an interface for working with security descriptors and access-control lists (ACLs). For more information, see Windows NT 4.0 Access Control.
• Low-level functions for manipulating security descriptors, ACLs, and ACEs. You must use these functions if your application needs to be compatible with Windows NT versions 3.51 and earlier. For more information, see Low-Level Access Control.

Windows NT versions 5.0 and later support all three sets. In general, you should use one set of access-control functions throughout your application.

All versions of Windows NT support a single set of security functions for working with privileges, access tokens, and SIDs.

The following elements are used with access control.

• Access Control Functions
• Access Control Structures
• Access Control Enumeration Types
• Windows NT Privileges
• Provider-Independent and Windows NT Access Rights