About Access Control

The Win32 security functions support the following access-control features:

• Selective access to securable objects. You can specify different kinds of access for particular users or groups of users. For example, you can grant read and write access to all members of a group while denying write access to a particular member of the group.
• Administrative privileges. You can control which users or groups have the privileges necessary to perform various administrative functions. For example, any application that manipulates a system-wide resource must use the security system to gain access to that resource.
• Monitoring access to securable objects. For example, an administrator can cause the system to generate an audit record in the security event log every time a specified user reads a given file.