|
Term |
Description |
Security Descriptor (SD) |
Every NT object (files, Registry keys, named pipes, user objects, and so on) has an object owner and an Access Control List
|
Access Control List (ACL) |
A list that specifies users and groups and their access permissions on that object
|
Discretionary Access Control List (DACL) |
Contains an entry for each user, global group, or local group that is given access permission (whether allowing or denying access) to the object
|
System Access Control List (SACL) |
Like DACL, but each ACE
specifies an auditing directive instead of a user/group right
|
Access Control Entry (ACE) |
Each ACL contains zero or more ACEs, one for each user's or group's rights in the ACL
|
Security Identifier (SID) |
A unique value of variable length used to identify a user or group account, or a logon session |