GetEffectivePermissions and Implementing DACL Inheritence
chris.rosner_at_gmail.com
Date: 08/27/05
- Next message: Wong Tuck Wah: "RE: find all folders a user has rights to."
- Previous message: KT: "Program installation history"
- Next in thread: Roger Abell: "Re: GetEffectivePermissions and Implementing DACL Inheritence"
- Reply: Roger Abell: "Re: GetEffectivePermissions and Implementing DACL Inheritence"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 26 Aug 2005 16:41:05 -0700
This question has to do with Win32 security functions.
I am not entirely certain as to why, but GetEffectivePermissions
reports an ERROR_INVALID_ACL error on what I thought was a valid DACL.
The Problem seems to be related to inherited deny entries in the DACL.
Inherited allow entries seem to be fine (as far as my testing goes). I
generate my DACL using the atl wrappers in CSecurityDesc::FromString()
function. I created two ACLs; one with an inherited allow entry, and
one with an inherited deny entry. The inherited allow works, the deny
does not. It seems perfectly valid to me looking at the rules of
permission inheritance and sddl syntax in the msdn library.
This works:
"O:BAG:BAD:AI(A;OICI;0xfff;;;BA)(A;OICIID;0xfff;;;BA)"
This does not:
"O:BAG:BAD:AI(A;OICI;0xfff;;;BA)(D;OICIID;0xfff;;;BA)"
Does anyone have any insight as to why this would happen?
- Next message: Wong Tuck Wah: "RE: find all folders a user has rights to."
- Previous message: KT: "Program installation history"
- Next in thread: Roger Abell: "Re: GetEffectivePermissions and Implementing DACL Inheritence"
- Reply: Roger Abell: "Re: GetEffectivePermissions and Implementing DACL Inheritence"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
