jspωiki
Discretionary Access Control List

Overview[1]#

Discretionary Access Control List (DACL) identifies the trustees that are allowed or denied access to a securable object. Microsoft

When a process tries to access a securable object, the system checks the ACEs in the object's Discretionary Access Control List to determine whether to grant access to the securable object.

If the securable object does NOT have a Discretionary Access Control List, the system grants full access to everyone.

If the securable object's Discretionary Access Control List has no ACEs, the system denies all attempts to access the object because the Discretionary Access Control List does not allow any access rights.

The system checks the ACEs in sequence until it finds one or more ACEs that allow all the requested access rights, or until any of the requested access rights are denied.

For more information, see How DACLs Control Access to an Object. For information about how to properly create a DACL, see Creating a DACL.

More Information#

There might be more information for this subject on one of the following: