INFO: Owners Have Special Access to Their Objects (130543)
The information in this article applies to:
- Microsoft Platform Software Development Kit (SDK) 1.0, when used with:
- the operating system: Microsoft Windows NT 3.5
- the operating system: Microsoft Windows NT 3.51
- the operating system: Microsoft Windows NT 4.0
- the operating system: Microsoft Windows 2000
- the operating system: Microsoft Windows XP
This article was previously published under Q130543 SUMMARY
The Windows NT operating system allows the owner of an object to determine
what types of access are granted or denied for a given user. This is
referred to as Discretionary Access Control (DAC). In addition to granting
the generic read and write types of access, the owner of an object can also
grant other users the right to modify the access allowed to the object.
The access right to view the access allowed on an object is called
READ_CONTROL. This is often granted as part of a generic right. The access
right that allows someone to change the access for an object is called
WRITE_DAC.
The owner of an object can always request WRITE_DAC and READ_CONTROL access
to the object. This prevents a situation where the owner of an object can
not manipulate the object. This also allows owners of objects to restrict
their own access to the object (to guard against accidents) without having
to explicitly grant READ_CONTROL and WRITE_DAC access to their accounts.
Modification Type: | Minor | Last Reviewed: | 7/11/2005 |
---|
Keywords: | kbACL kbAPI kbinfo kbKernBase kbSecurity KB130543 |
---|
|