The meaning of ACL (access control lists)
Access control lists, abbreviated ACL, are a simple yet effective way of restricting access to resources such as files and folders, services, printers, registry values, and many more. The access control lists provide almost the same functionality as the permission demands.
Why do you need access control lists?
ACLs are very useful when it comes to configuring access to important or sensitive files, folders, or any other objects your application uses. You can restrict access to these in just a few easy steps. Another strong point of access control lists is that you can allow users to have access to objects and files that are normally restricted to them. If the application needs these resources, by using the ACLs, you can configure them to allow users to access them.
Discretionary Access Control Lists
Discretionary Access Control Lists, abbreviated DACL, is basically just an authorization restriction mechanism. It contains access control entries (ACEs) and identifies the groups and users and checks to see if they have the appropriate permissions to access an object. DACLs are used by Windows Vista and Windows Server 2008.
Discretionary access control lists are controlled by the person who created an object or by its owner. If a user or the group containing the user is not identified by the DACL, access to an object is strictly forbidden.
Calculating effective permissions (in C#, .NET, VB, ASP.NET, etc)
When calculating a users effective permissions, Windows does more than to simply search for the user’s name in the access control list. Since a single user can have a few different ACEs in the same ACL, Windows knows how to cumulate them. If the operating system can’t find any access control entries for a specific user, access is denied to that resource. This means that if a user has no explicit access rights, it is the same as being denied access. This works for C#, .NET, VB, ASP.NET, etc.
Key Exam Points
- Use ACL for C# and VB
- For the exam, study examples for Access Control Lists that help you to gain a better understanding of this topic
- Don't forget to check out the Access Control Entries
This article is based on the 2nd edition of the Microsoft .Net Framework Application Training Kit with the purpose to help 70-536 Exam takers to succeed. I constantly look for ways to improve the content. Please leave a comment about this article or drop me a message if you would like to see changes for this site.