Security
Security |
|
To determine whether the user of an application is permitted access to a resource such as a file or a printer, the Windows operating system takes the user information from the security token associated with the application, and compares this information with the discretionary access control lists (DACLs) associated with that resource. A DACL is a list of access control entries (ACEs) that contain a user name or group, and include which permission that user or group has for each resource.
To use and set DACLs on files you must be using the NTFS file system.
The comparison of DACLs and user information is what determines who can gain access to a resource in the Windows operating system. If the DACL and the user information in the token are not the same, the user is denied access to that resource.