ID: Q130543
3.10 3.50 3.51 4.00 WINDOWS NT kbprg
The information in this article applies to:
The Windows NT operating system allows the owner of an object to determine what types of access are granted or denied for a given user. This is referred to as Discretionary Access Control (DAC). In addition to granting the generic read and write types of access, the owner of an object can also grant other users the right to modify the access allowed to the object.
The access right to view the access allowed on an object is called READ_CONTROL. This is often granted as part of a generic right. The access right that allows someone to change the access for an object is called WRITE_DAC.
The owner of an object can always request WRITE_DAC and READ_CONTROL access to the object. This prevents a situation where the owner of an object can not manipulate the object. This also allows owners of objects to restrict their own access to the object (to guard against accidents) without having to explicitly grant READ_CONTROL and WRITE_DAC access to their accounts.
KBCategory: kbprg KBSubcategory: BseSecurity Additional reference words: 3.10 3.50 3.51 4.00 AccessCheck
Keywords : kbAPI kbKernBase kbGrpKernBase
Version : 3.10 3.50 3.51 4.00
Platform : NT WINDOWSLast Reviewed: December 18, 1996