Authorization

• Security descriptor

  • Protect resources: files, programs, printers, etc.
  • Discretionary Access Control List (DACL)
    • Ordered list of Access Control Entries (ACEs)
      • Stores SID
      • What security principal with that SID may do
    • First ACE to match access token SID determines authorization
    • Inclusive or exclusive security policy (or both)

Previous slide

Next slide

Back to first slide

View graphic version