Düzenle

Aracılığıyla paylaş


Directory Services Access Rights

Each Active Directory object has a security descriptor assigned to it. A set of trustee rights specific to directory service objects can be set within these security descriptors. These rights are listed in the following table. For more information, see Control Access Rights.

Rights Meaning
ACTRL_DS_OPEN
Open a DS object.
ACTRL_DS_CREATE_CHILD
Create a child DS object.
ACTRL_DS_DELETE_CHILD
Delete a child DS object.
ACTRL_DS_LIST
Enumerate a DS object.
ACTRL_DS_READ_PROP
Read the properties of a DS object.
ACTRL_DS_WRITE_PROP
Write properties for a DS object.
ACTRL_DS_SELF
Access allowed only after validated rights checks supported by the object are performed. This flag can be used alone to perform all validated rights checks of the object or it can be combined with an identifier of a specific validated right to perform only that check.
ACTRL_DS_DELETE_TREE
Delete a tree of DS objects.
ACTRL_DS_LIST_OBJECT
List a tree of DS objects.
ACTRL_DS_CONTROL_ACCESS
Access allowed only after extended rights checks supported by the object are performed. This flag can be used alone to perform all extended rights checks on the object or it can be combined with an identifier of a specific extended right to perform only that check.