Edit

Security Descriptor Definition Language

  • Article

The security descriptor definition language (SDDL) defines the string format that the ConvertSecurityDescriptorToStringSecurityDescriptor and ConvertStringSecurityDescriptorToSecurityDescriptor functions use to describe a security descriptor as a text string. The language also defines string elements for describing information in the components of a security descriptor.

Note

Conditional access control entries (ACEs) have a different SDDL format than other ACE types. For ACEs, see ACE Strings. For conditional ACEs, see Security Descriptor Definition Language for Conditional ACEs.

 

Security Descriptor String Format

Security Descriptor Definition Language for Conditional ACEs

ACE Strings

SID Strings

[MS-DTYP]: Security Descriptor Description Language