INFO: Owners Have Special Access to Their Objects

ID: Q130543

The information in this article applies to:
  • Microsoft Win32 Software Development Kit (SDK), used with:
    • Microsoft Windows NT versions 3.5, 3.51, 4.0
    • Microsoft Windows 2000

SUMMARY

The Windows NT operating system allows the owner of an object to determine what types of access are granted or denied for a given user. This is referred to as Discretionary Access Control (DAC). In addition to granting the generic read and write types of access, the owner of an object can also grant other users the right to modify the access allowed to the object.

The access right to view the access allowed on an object is called READ_CONTROL. This is often granted as part of a generic right. The access right that allows someone to change the access for an object is called WRITE_DAC.

The owner of an object can always request WRITE_DAC and READ_CONTROL access to the object. This prevents a situation where the owner of an object can not manipulate the object. This also allows owners of objects to restrict their own access to the object (to guard against accidents) without having to explicitly grant READ_CONTROL and WRITE_DAC access to their accounts.

Additional query words: 3.10 3.50 AccessCheck

Keywords : kbAccCtrl kbAPI kbKernBase kbWinOS2000 kbSecurity kbDSupport kbGrpKernBase
Version : WINDOWS:
Platform : WINDOWS
Issue type : kbinfo


Last Reviewed: January 5, 2000
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.