INFO: Gaining Access to ACLs

ID: Q102098

The information in this article applies to:
  • Microsoft Win32 Application Programming Interface (API), used with:
    • Microsoft Windows NT versions 3.5, 3.51, 4.0
    • Microsoft Windows 2000

SUMMARY

To gain access to a security access control list (SACL), a process must have the SE_SECURITY_NAME privilege. When requesting access, the calling process must request ACCESS_SYSTEM_SECURITY in the desired access mask.

There is not a privilege that controls read or write access to a discretionary access control list (DACL). Instead, access to read and write an object's DACL is granted by the READ_CONTROL and WRITE_DAC access rights, respectively. These rights must be specifically granted to the user (or group containing the user) for DACL read or write access to be granted. If the owner of an object requests READ_CONTROL or WRITE_DAC, the access will always be granted.

Additional query words: 3.50

Keywords : kbAccCtrl kbAPI kbKernBase kbWinOS2000 kbSecurity kbDSupport kbGrpKernBase
Version : winnt:3.5,3.51,4.0
Platform : winnt
Issue type : kbinfo


Last Reviewed: December 29, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.