| Platform SDK: Access Control |
If the DACL belonging to an object's security descriptor is set to NULL, a null DACL is created. A null DACL should not be confused with an empty DACL. An empty DACL is a properly allocated and initialized DACL containing no ACEs. An empty DACL grants no access to the object it is assigned to. However, a null DACL grants full access to any user that requests it; normal security checking is not performed with respect to the object.
Refer to Creating a Null DACL for an example of how to create a null DACL.