Wednesday, August 5, 2009

Chapter 12-Lesson 2

  • A Discretionary Access Control List (DACL) is an authorization restriction mechanism that identifies the users and groups that are allowed or denied access to an object.
  • By default, a DACL is controlled by the owner of an object or the person who created the object.
  • A DACL contains ACEs (Access Control Entries), which are entries in an object’s DACL that grant permissions to a user or group.
  • The FileSystemRights enumeration is used to specify permissions on files and folders.
  • A Security Access Control List (SACL) is a usage event logging mechanism that determines how file or folder access is audited.
  • DACLs restrict access, whereas SACLs audit access.
  • We can use the classes in the System.Security.AccessControl namespace to programmatically access DACLs, SACLs, and ACEs for files, folders, registry keys, cryptographic keys, Event Wait handles, mutexes, and semaphores.
  • This entire namespace is new in .NET 2.0.
  • We may create objects of types inheriting from NativeObjectSecurity or AuthorizationRule classes and call GetAccessRules( ) or GetAuditRules( ) upon them to get an AuthorizationRuleCollection.
  • In order to check or create access rules for the registry, we may require the Microsoft.Win32 namespace.
  • The AccessControlType enumeration determines whether access is allowed or denied when setting ACEs through the SetAccessRule( ) method.
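
The following C# program is an added example, not part of the original notes. It ties the bullets together on Windows: it adds an Allow ACE with SetAccessRule( ), reads the DACL back with GetAccessRules( ), and flags ACEs that give broad groups write-type rights. The scratch temp file, the `Risky` rights mask, and the choice of Everyone and BUILTIN\Users as "broad" groups are assumptions of this example.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

class DaclDemo
{
    // Assumption of this example: rights that let a principal alter content or protection.
    const FileSystemRights Risky = FileSystemRights.WriteData | FileSystemRights.AppendData |
        FileSystemRights.ChangePermissions | FileSystemRights.TakeOwnership;

    static void Main()
    {
        // Constructed sample object: a scratch file created only for this demo.
        FileInfo file = new FileInfo(Path.GetTempFileName());
        try
        {
            FileSecurity security = file.GetAccessControl();      // read the current DACL

            // Add an explicit Allow ACE: read-only access for BUILTIN\Users.
            SecurityIdentifier users = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
            SecurityIdentifier world = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
            security.SetAccessRule(new FileSystemAccessRule(
                users, FileSystemRights.Read, AccessControlType.Allow));
            file.SetAccessControl(security);                      // write the DACL back

            // Re-read and walk every ACE (explicit and inherited), identities as SIDs.
            AuthorizationRuleCollection rules = file.GetAccessControl()
                .GetAccessRules(true, true, typeof(SecurityIdentifier));
            foreach (FileSystemAccessRule ace in rules)
            {
                bool broad = ace.IdentityReference.Equals(world) || ace.IdentityReference.Equals(users);
                bool flag = broad && ace.AccessControlType == AccessControlType.Allow
                            && (ace.FileSystemRights & Risky) != 0;
                Console.WriteLine("{0,-5} {1} {2} inherited={3}{4}", ace.AccessControlType,
                    ace.IdentityReference.Value, ace.FileSystemRights, ace.IsInherited, flag ? "  <-- review" : "");
            }
        }
        finally
        {
            file.Delete();                                        // remove the scratch file
        }
    }
}
```

Reading or changing the SACL with GetAuditRules( ) additionally requires AccessControlSections.Audit and a process that holds the SeSecurityPrivilege, which is why this example stays with the DACL.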
