{
	"id": "b7a68866-4bf0-48df-bdd6-8a5ab5f0a75f",
	"created_at": "2026-04-06T00:15:06.424723Z",
	"updated_at": "2026-04-10T13:12:58.457057Z",
	"deleted_at": null,
	"sha1_hash": "a038403da27bd1045b0590d0b577921308191559",
	"title": "Access Control Lists - Win32 apps",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 43911,
	"plain_text": "Access Control Lists - Win32 apps\r\nBy GrantMeStrength\r\nArchived: 2026-04-05 12:47:03 UTC\r\nIn this article\r\n1. DACLs and SACLs\r\n2. Working with ACLs\r\n3. Related content\r\nAn access control list (ACL) is a list of access control entries (ACE). Each ACE in an ACL identifies a trustee and\r\nspecifies the access rights allowed, denied, or audited for that trustee. The security descriptor for a securable\r\nobject can contain two types of ACLs: a DACL and an SACL.\r\nDACLs and SACLs\r\nA discretionary access control list (DACL) identifies the trustees that are allowed or denied access to a securable\r\nobject. When a process tries to access a securable object, the system checks the ACEs in the object's DACL to\r\ndetermine whether to grant access to it. If the object doesn't have a DACL, the system grants full access to\r\neveryone. If the object's DACL has no ACEs, the system denies all attempts to access the object because the\r\nDACL doesn't allow any access rights. The system checks the ACEs in sequence until it finds one or more ACEs\r\nthat allow all the requested access rights, or until any of the requested access rights are denied. For more\r\ninformation, see How DACLs control access to an object. For information about how to properly create a DACL,\r\nsee Creating a DACL.\r\nA system access control list (SACL) allows administrators to log attempts to access a secured object. Each ACE\r\nspecifies the types of access attempts by a specified trustee that cause the system to generate a record in the\r\nsecurity event log. An ACE in an SACL can generate audit records when an access attempt fails, when it succeeds,\r\nor both. For more information about SACLs, see Audit generation and SACL access right.\r\nWorking with ACLs\r\nDon't try to work directly with the contents of an ACL. To ensure that ACLs are semantically correct, use the\r\nappropriate functions to create and manipulate ACLs. For more information, see Getting information from an ACL\r\nand Creating or modifying an ACL.\r\nACLs also provide access control to Microsoft Active Directory service objects. Active Directory Service\r\nInterfaces (ADSI) include routines to create and modify the contents of these ACLs. For more information, see\r\nControlling object access in Active Directory Domain Services.\r\nRelated content\r\nhttps://docs.microsoft.com/en-us/windows/win32/secauthz/access-control-lists\r\nPage 1 of 2\n\nAccess control entries\r\nAdditional resources\r\nTraining\r\nLast updated on 07/10/2025\r\nSource: https://docs.microsoft.com/en-us/windows/win32/secauthz/access-control-lists\r\nhttps://docs.microsoft.com/en-us/windows/win32/secauthz/access-control-lists\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://docs.microsoft.com/en-us/windows/win32/secauthz/access-control-lists"
	],
	"report_names": [
		"access-control-lists"
	],
	"threat_actors": [],
	"ts_created_at": 1775434506,
	"ts_updated_at": 1775826778,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/a038403da27bd1045b0590d0b577921308191559.pdf",
		"text": "https://archive.orkl.eu/a038403da27bd1045b0590d0b577921308191559.txt",
		"img": "https://archive.orkl.eu/a038403da27bd1045b0590d0b577921308191559.jpg"
	}
}