Access Control Entry (ACE)

Access Control Entry, or ACE, is an entry in a discretionary access control list (DACL) or a system access control list (SACL). An access control entry (ACE) specifies the access or auditing permissions to an object in Active Directory or on a volume formatted using the NTFS file system for a particular user or group.

Access Control List

How It Works

An ACE is part of a DACL or a SACL for an object and contains information that is used to control the access attributes of that object.

An ACE specifies two pieces of information:

  • The security identifier (SID) of the security principal (user, group, or computer) to which the ACE applies
  • The level of access to the object permitted for that security principal

An access mask specifying the possible permissions that can be assigned to the object is included with each ACE. An ACE can provide one of the following:

  • Discretionary access control for explicitly granting or denying access to a specific user or group (AccessAllowed and AccessDenied entries)
  • System security access control for generating security audit logs (SystemAudit entry)


Articles posted after being checked by editors.

Recent Content

link to Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)

Public Key Infrastructure, also known as PKI, is a set of services that support the use of public-key cryptography in a corporate or public setting. A public key infrastructure (PKI) enables key pairs to be generated, securely stored, and securely transmitted to users so that users can send encrypted transmissions and digital signatures over distrusted public networks such as the Internet.
link to Digital Signature

Digital Signature

Digital Signature is an electronic signature that you can use to sign a document being transmitted by electronic means such as e-mail. Digital signatures validate the identity of the sender and ensure that the document they are attached to has not been altered by unauthorized parties during the transmission.