Security Descriptor Definition Language

Why Trust Techopedia

What Does Security Descriptor Definition Language Mean?

Security descriptor definition language (SDDL) defines the string format used by certain functions to convert a security descriptor to a text string.

Techopedia Explains Security Descriptor Definition Language

Microsoft Windows uses SDDL to develop and administer object security. SDDL defines security descriptors, which are text strings or binary data structures containing security information for one or more objects, e.g., file, folder, service or unnamed process.

Security descriptors use access control lists (ACLs) to manage access and control entries and audits. Each security descriptor contains a discretionary access control list (DACL) and system access control list (SACL). The DACL controls access to an object, and the SACL controls logging of access attempts.

In addition to the object owner name, most SDDL security descriptor strings are comprised of five parts. These include DACL, SACL, group and header, which specifies inheritance level and permission.

Related Terms

Margaret Rouse
Technology Expert
Margaret Rouse
Technology Expert

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.