Discretionary Access Control List (DACL) Is an authorization restriction mechanism that identifies the users and groups that are allowed or denied access to an object. It contains Access Control Entries (ACE) that determine user access to an object. An ACE is an entry in an object’s DACL that grants permission to a user or group.
Permission on: Folder, File, Registry value, Active Directory.
Security Access Control List (SACL) It is a usage event logging mechanism.
DACL restrict access whereas SACL audit access
How to enable Audit Object Access Security? How to view and configure ACLs from within an assembly? You can use classes in the System.Security.AccessControl namespace to programmatically access DACL, SACL , and ACEs for files, folders, registry keys, cryptographic keys, event wait handler, mutexes, and Semaphore.
AccessControl Namespace provides three classes: 1.
<Type>
Security, a. GetAccessRules b. AddAccessRule c. GetAuditRules d.
AddAuditRule Few Inherited Classes e. DirectorySecurity f. FileSecurity g. RegistrySecurity h. MutexSecurity
2.
<Type>
AccessRule 3. <Type> AuditRule These classes are inherited from the AuditRule, which in turn inherit from AuthorizationRule. |
.Net Framework 3.5 > User and Data Security >