Security Descriptor Definition Language

What Does Security Descriptor Definition Language Mean?

Security descriptor definition language (SDDL) defines the string format used by certain functions to convert a security descriptor to a text string.


Techopedia Explains Security Descriptor Definition Language

Microsoft Windows uses SDDL to develop and administer object security. SDDL defines security descriptors, which are text strings or binary data structures containing security information for one or more objects, e.g., file, folder, service or unnamed process.

Security descriptors use access control lists (ACLs) to manage access and control entries and audits. Each security descriptor contains a discretionary access control list (DACL) and system access control list (SACL). The DACL controls access to an object, and the SACL controls logging of access attempts.

In addition to the object owner name, most SDDL security descriptor strings are comprised of five parts. These include DACL, SACL, group and header, which specifies inheritance level and permission.


Related Terms

Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine.Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…