CommonSecurityDescriptor.DiscretionaryAcl Property
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Gets or sets the discretionary access control list (DACL) for this CommonSecurityDescriptor object. The DACL contains access rules.
public:
property System::Security::AccessControl::DiscretionaryAcl ^ DiscretionaryAcl { System::Security::AccessControl::DiscretionaryAcl ^ get(); void set(System::Security::AccessControl::DiscretionaryAcl ^ value); };public System.Security.AccessControl.DiscretionaryAcl? DiscretionaryAcl { get; set; }public System.Security.AccessControl.DiscretionaryAcl DiscretionaryAcl { get; set; }member this.DiscretionaryAcl : System.Security.AccessControl.DiscretionaryAcl with get, setPublic Property DiscretionaryAcl As DiscretionaryAclProperty Value
The DACL for this CommonSecurityDescriptor object.
Remarks
If this property is set to null, a single access control entry (ACE) that allows everyone full access (AEFA) is added to the DACL. If an application modifies the DACL of a security descriptor to which an AEFA ACE has been added, the AEFA ACE is persisted with the DACL when that DACL is persisted.
This can result in an application unintentionally allowing access to principals. Because of this, an application should check for the existence of an AEFA ACE and remove it before modifying any security descriptor.
