DACL (Discretionary Access Control List)
Part of the security descriptor for an object. The DACL can be applied
to a newly created object in order to restrict access to the object.
ACE (Access Control Entry)
An individual entry in an access control list (ACL). An access control
entry (ACE) contains an SID and describes the access rights to a system
resource by a specific user or group of users. The set of all ACEs on an
object is used to determine whether an access request to that object is
granted.
SID (Security Identifier)
A value, unique across time and space, that identifies a process in the
security system. SIDs can either identify an individual process, usually
containing a user’s logon identifier, or a group of processes.
ACL (Access Control List)
An ordered list of access control entries (ACEs).
ACCESS RIGHT
A permission granted to a process to manipulate a specified object in a
particular way (by calling a system service). Different system object
types support different access rights, which are stored in an object’s
access control list (ACL).
SECURITY DESCRIPTOR
A data structure used to hold per-object security information, including
the object’s owner, group, protection attributes, and audit information.