!!! Overview[1]
[{$pagename}] ([DACL]) are a component of the [Security Descriptor] which identifies the [trustees] that are allowed or denied access to a [securable object] within [Microsoft Active Directory] or [Microsoft Windows]

[{$pagename}] is accessed when [access] to a [Securable object] is requested and the system checks the [ACEs] in the object's [{$pagename}] to determine whether to grant access to the [securable object]. 
* If the [securable object] does __NOT__ have a [{$pagename}], the system __grants full access__ to everyone. 
* If the [securable object]'s [{$pagename}] has no [Access Control Entry], the system __denies__ all attempts to access the object because the [{$pagename}] does not allow any access rights. 
The system checks the [Access Control Entries|Access Control Entry] in sequence until it finds one or more [ACEs] that __allow__ all the requested access rights, or until any of the requested access rights are __denied__. !! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Access Control Lists|https://msdn.microsoft.com/en-us/library/windows/desktop/aa374872(v=vs.85).aspx|target='_blank'] - based on information obtained 2016-08-10