Tech moves fast! Stay ahead of the curve with Techopedia!
Join nearly 200,000 subscribers who receive actionable tech insights from Techopedia.
Security descriptor definition language (SDDL) defines the string format used by certain functions to convert a security descriptor to a text string.
Microsoft Windows uses SDDL to develop and administer object security. SDDL defines security descriptors, which are text strings or binary data structures containing security information for one or more objects, e.g., file, folder, service or unnamed process.
Security descriptors use access control lists (ACLs) to manage access and control entries and audits. Each security descriptor contains a discretionary access control list (DACL) and system access control list (SACL). The DACL controls access to an object, and the SACL controls logging of access attempts.
In addition to the object owner name, most SDDL security descriptor strings are comprised of five parts. These include DACL, SACL, group and header, which specifies inheritance level and permission.