The object for which the user is requesting access contains the Security Descriptor. Whenever the user tries to access any object, a copy of the Access token is given to the thread executing the process. The Access token contains the information about the Security Identifier (SID) and the permissions held by the user. Whenever a user logs into the system, the system creates a unique Access Token for the user. SID is like an electronic key code that unlocks the file cabinet. You can also put an additional Security near the File cabinet, to maintain an information log (audit) about who are accessing the file cabinet (SACL). Such information is maintained in DACL as ACE entries. The various electronic lock codes for accessing the file cabinet are Permissions, which control who gains access to the file cabinet and what they can do inside the file cabinet. Imagine a “Folder” as a physical File folder cabinet with an electronic lock. Let us review the above concepts with a simple example.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |