A DACL identifies the trustees that are allowed or denied access to a securable object. When a process tries to access the object, the system checks the ACEs in the object's DACL to determine whether to grant access. When the object does not have a DACL, the system grants full access to everyone. When the object's DACL has no ACEs, the system denies all attempts to access the object, because the DACL does not allow any access rights. The system checks the ACEs in sequence until it finds one or more ACEs that allow all the requested access rights, or until any of the requested rights are denied.
A SACL enables administrators to log attempts to access a secured object. Each ACE specifies the types of access attempts by a trustee that cause the system to generate a record in the security event log. An ACE in a SACL can generate audit records when an access attempt succeeds, when it fails, or both.
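The two paragraphs above can be followed step by step in a small model. This is an added example, not code from the original post and not the Windows API: the `Ace` class, the rights bits, the trustee names and the sample lists are all constructed for illustration, and a process is modelled simply as a set of trustee names (its user plus groups).

```python
from dataclasses import dataclass
from typing import List, Optional, Set

READ, WRITE, DELETE = 0x1, 0x2, 0x4  # constructed rights bits, not Windows constants

@dataclass
class Ace:
    kind: str                 # "allow" / "deny" in a DACL, "audit" in a SACL
    trustee: str
    mask: int
    on_success: bool = False  # SACL only: log successful attempts
    on_failure: bool = False  # SACL only: log failed attempts

def access_check(dacl: Optional[List[Ace]], trustees: Set[str], desired: int) -> bool:
    """Walk the DACL in order, as the text describes."""
    if dacl is None:          # object has no DACL: full access to everyone
        return True
    remaining = desired       # rights still waiting for an allow ACE
    for ace in dacl:          # a DACL with no ACEs never enters this loop
        if ace.trustee not in trustees:
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            return False      # a requested right is denied: stop here
        if ace.kind == "allow":
            remaining &= ~ace.mask
            if remaining == 0:
                return True   # every requested right has been allowed
    return False              # list exhausted with rights still ungranted

def audit_trustees(sacl: List[Ace], trustees: Set[str], desired: int, granted: bool) -> List[str]:
    """Return the trustee of each SACL ACE that would log this attempt."""
    return [a.trustee for a in sacl
            if a.trustee in trustees and a.mask & desired
            and (a.on_success if granted else a.on_failure)]

# Constructed sample data: the process's trustees are its user plus groups.
DACL = [Ace("deny", "bob", WRITE),
        Ace("allow", "staff", READ | WRITE),
        Ace("allow", "alice", DELETE)]
SACL = [Ace("audit", "staff", WRITE, on_failure=True)]
BOB, ALICE = {"bob", "staff"}, {"alice", "staff"}

if __name__ == "__main__":
    for who, want in ((BOB, READ), (BOB, READ | WRITE), (ALICE, READ | DELETE)):
        ok = access_check(DACL, who, want)
        print(sorted(who), bin(want), "granted" if ok else "denied",
              "audit:", audit_trustees(SACL, who, want, ok))
```

Because evaluation stops at the first decisive ACE, order matters: with the same three ACEs reversed, the `staff` allow entry is reached before the `bob` deny entry and bob's write request is granted.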
Hi Mr. Neo,
May I applaud you for the informative post on ACL. Your post has taught me that not only does IP ACL exist, DACL, SACL and many other Access Control Lists are out there protecting our systems in different ways. I have learnt that Access Control Entries are very important in an ACL, whereby the security component heavily depends on the presence of an ACE, without which it will deny any traffic or incoming packets. Thank you for widening my knowledge.
Cheers, Xudong
Hello Pedo!
How are you? Hope you're coping well coz lecturers/tutors are bombing us with more projects ! :( -> lol, idk what to say.
Anyway, Woots! finally Something different from others. I didn't know that SACL exists:/ so yeap, thanks for sharing! :D
hmm...Perhaps, you could further improve your posts by showing/explaining more on how both DACL and SACL work? :D
Other than the lack of further details, your post is straight to the point and looks presentable (formatting).
ps: your blog background is nice :D hehe!
Regards,
Awesome-est person in the world
(Hetty)