Example 3: Requesting Read and Write Access as Object Owner

In the example shown next, Windows NT knows by reading FredMgr's access token that he is a member of the Mgrs group. Processing of the ACL will stop as soon as Windows NT sees that NoAccess (None) is assigned to the Mgrs group, even though the other two ACEs allow Read, Write, and Execute access for FredMgr.

However, after failing to gain access via the discretionary ACL, Windows NT notices that FredMgr is the owner of the object. Because of this, he is granted ReadControl and WRITE_DAC automatically. Since this is all the access he is asking for, his request is granted.

If FredMgr had asked for any other access in addition to ReadControl and WRITE_DAC, the request would be denied even though FredMgr is the object's owner. In this case, FredMgr receives the following message:


G:\FILE2.TXT
You do not have permission to open this file.
See the owner of the file or an administrator to obtain permission.

In this case, because FredMgr is the owner, he can change his own permissions to grant himself appropriate access to the file.
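
The check walked through above can be modeled in a few lines. This is an added example, not code from Windows NT or from this guide: it is a simplified model that credits the owner's ReadControl (READ_CONTROL) and WRITE_DAC rights before walking the ACL, which gives the same outcome as the sequence described above. The ACL contents, the Everyone entry and the AnnMgr account are constructed for illustration.

```python
# Simplified model of the access check described above; not a call into Windows.
READ_CONTROL    = 0x00020000  # access-mask bits as defined in winnt.h
WRITE_DAC       = 0x00040000
FILE_READ_DATA  = 0x00000001
FILE_WRITE_DATA = 0x00000002
FILE_EXECUTE    = 0x00000020
FILE_ALL_ACCESS = 0x001F01FF

OWNER_IMPLICIT = READ_CONTROL | WRITE_DAC  # what ownership alone grants


def access_check(token, owner, dacl, desired):
    """Return True only if every bit in `desired` is granted to `token`."""
    remaining = desired
    if owner in token:
        remaining &= ~OWNER_IMPLICIT      # owner never needs an ACE for these
    if not remaining:
        return True
    for ace_type, trustee, mask in dacl:  # ACEs are evaluated in stored order
        if trustee not in token:
            continue
        if ace_type == "deny":
            if mask & remaining:
                return False              # processing stops at the first denial
        else:
            remaining &= ~mask
            if not remaining:
                return True
    return False                          # end of ACL with rights still unmatched


# Constructed ACL for G:\FILE2.TXT (assumed layout): the deny ACE comes first.
FILE2_OWNER = "FredMgr"
FILE2_DACL = [
    ("deny",  "Mgrs",     FILE_ALL_ACCESS),
    ("allow", "FredMgr",  FILE_READ_DATA | FILE_WRITE_DATA),
    ("allow", "Everyone", FILE_EXECUTE),
]
FRED = {"FredMgr", "Mgrs", "Everyone"}    # groups carried in the access token
ANN = {"AnnMgr", "Mgrs", "Everyone"}      # hypothetical non-owner in Mgrs

if __name__ == "__main__":
    rw = FILE_READ_DATA | FILE_WRITE_DATA
    print("owner, ReadControl+WRITE_DAC:", access_check(FRED, FILE2_OWNER, FILE2_DACL, OWNER_IMPLICIT))
    print("owner, plus read data:       ", access_check(FRED, FILE2_OWNER, FILE2_DACL, OWNER_IMPLICIT | FILE_READ_DATA))
    print("non-owner, WRITE_DAC:        ", access_check(ANN, FILE2_OWNER, FILE2_DACL, WRITE_DAC))
    # FredMgr uses WRITE_DAC to drop the deny ACE, then asks for read/write.
    print("owner, after editing the ACL:", access_check(FRED, FILE2_OWNER, FILE2_DACL[1:], rw))
```

When auditing permissions, this is why an owner who is otherwise denied everything should still be treated as able to read and rewrite the ACL.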