Using Access Control Lists


Discretionary Access Control List (DACL)

A DACL is an authorization restriction mechanism that identifies the users and groups that are allowed or denied access to an object.

It contains Access Control Entries (ACE) that determine user access to an object.

An ACE is an entry in an object’s DACL that grants permission to a user or group.

 

Permissions can be set on: folders, files, registry values, and Active Directory.

 

Security Access Control List (SACL)

It is a usage event logging mechanism.

 

A DACL restricts access, whereas a SACL audits access.

 

How to enable Audit Object Access Security?

How to view and configure ACLs from within an assembly?

You can use classes in the System.Security.AccessControl namespace to programmatically access DACLs, SACLs, and ACEs for files, folders, registry keys, cryptographic keys, event wait handles, mutexes, and semaphores.

 

The System.Security.AccessControl namespace provides three kinds of classes:

1.      <Type>Security
These classes inherit from NativeObjectSecurity and have the following methods:

a.       GetAccessRules

b.      AddAccessRule

c.       GetAuditRules

d.      AddAuditRule

A few of the inheriting classes:

a.       DirectorySecurity

b.      FileSecurity

c.       RegistrySecurity

d.      MutexSecurity

2.      <Type>AccessRule
These classes inherit from AccessRule, which in turn inherits from AuthorizationRule.

3.      <Type>AuditRule
These classes inherit from AuditRule, which in turn inherits from AuthorizationRule.
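The three kinds of classes working together, as an added example that is not part of the original page: FileSecurity holds the lists, FileSystemAccessRule is a DACL entry, and FileSystemAuditRule is a SACL entry. It assumes Windows, a throwaway temp file as the target, and the built-in Users group as the principal; the class name AclDemo is hypothetical.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

class AclDemo
{
    static void Main()
    {
        // Constructed sample target: a throwaway file in the temp directory.
        var file = new FileInfo(Path.GetTempFileName());
        // Assumed principal for the demo: the built-in Users group.
        var users = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
        try
        {
            // The default read returns owner, group and DACL, not the SACL.
            FileSecurity security = file.GetAccessControl();

            // DACL: add an explicit deny-write ACE and write it back to the file.
            security.AddAccessRule(new FileSystemAccessRule(
                users, FileSystemRights.Write, AccessControlType.Deny));
            file.SetAccessControl(security);

            // List explicit and inherited ACEs, with SIDs translated to account names.
            foreach (FileSystemAccessRule ace in file.GetAccessControl()
                         .GetAccessRules(true, true, typeof(NTAccount)))
            {
                Console.WriteLine("{0,-5} {1,-32} {2} (inherited: {3})",
                    ace.AccessControlType, ace.IdentityReference.Value,
                    ace.FileSystemRights, ace.IsInherited);
            }

            // SACL: built in memory only. Reading or writing a real file's SACL
            // needs AccessControlSections.Audit and the SeSecurityPrivilege privilege.
            var auditOnly = new FileSecurity();
            auditOnly.AddAuditRule(new FileSystemAuditRule(
                users, FileSystemRights.Delete, AuditFlags.Success | AuditFlags.Failure));
            foreach (FileSystemAuditRule ace in
                     auditOnly.GetAuditRules(true, false, typeof(SecurityIdentifier)))
            {
                Console.WriteLine("audit {0} of {1} by {2}",
                    ace.AuditFlags, ace.FileSystemRights, ace.IdentityReference.Value);
            }
        }
        finally
        {
            file.Delete(); // the deny ACE covers Write, not Delete
        }
    }
}
```

The deny ACE appears in the listing with inherited set to False, ahead of the allow ACEs the file inherited from the temp directory.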
