Don't miss an insight. Subscribe to Techopedia for free.


Security Descriptor Definition Language

What Does Security Descriptor Definition Language Mean?

Security descriptor definition language (SDDL) defines the string format used by certain functions to convert a security descriptor to a text string.


Techopedia Explains Security Descriptor Definition Language

Microsoft Windows uses SDDL to develop and administer object security. SDDL defines security descriptors, which are text strings or binary data structures containing security information for one or more objects, e.g., file, folder, service or unnamed process.

Security descriptors use access control lists (ACLs) to manage access and control entries and audits. Each security descriptor contains a discretionary access control list (DACL) and system access control list (SACL). The DACL controls access to an object, and the SACL controls logging of access attempts.

In addition to the object owner name, most SDDL security descriptor strings are comprised of five parts. These include DACL, SACL, group and header, which specifies inheritance level and permission.


Related Terms