Tech Off Thread

SDDL Question

  • mrichman

    For a given folder, I have the following ACLs applied (in SDDL form as reported by subinacl.exe):

    O:BAG:S-1-5-21-3515201088-327499479-2393324921-513D:ARAI(A;OICI;FR;;;IU)(A;OICI;FA;;;SY)(A;OICI;FR;;;NS)(A;OICI;FA;;;S-1-5-21-3515201088-327499479-2393324921-1122)(A;OICI;FA;;;S-1-5-21-3515201088-327499479-2393324921-33419)(A;OICI;FR;;;S-1-5-21-3515201088-327499479-2393324921-41356)(A;OICI;0x1201ff;;;S-1-5-21-3515201088-327499479-2393324921-41357)(A;OICI;0x1301bf;;;S-1-5-21-3515201088-327499479-2393324921-41358)(A;OICIID;FA;;;S-1-5-21-3827917850-392688904-3840755366-1636)(A;OICIID;FA;;;S-1-5-21-3515201088-327499479-2393324921-1122)(A;OICIID;FA;;;SY)


    My question is, what is the difference between OICI and OICIID? I realize this is Object Inherit + Container Inherit + Inherited, but I'm not 100% clear on the meaning of "Inherited" with respect to OICI.

    Basically, I need to grant user jdoe read access to folder \foo, but read+write+delete access to any child object of \foo. For example, read the contents of \foo, but delete \foo\bar.txt, or create dir \foo\bar.

    Thanks,
    Mark
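
A small parser for the DACL part of an SDDL string like the one in the post, as an added example (not part of the original post and not subinacl.exe's own code): it separates explicit ACEs from inherited ones (the ID flag marks an ACE that was copied down from a parent object) and reports what OI, CI and IO make each ACE apply to. The sample is a subset of the post's ACEs; the function and field names are illustrative assumptions.

```python
import re

# Constructed input: a subset of the ACEs from the SDDL string in the post.
SAMPLE = ("O:BAG:S-1-5-21-3515201088-327499479-2393324921-513D:ARAI"
          "(A;OICI;FR;;;IU)"
          "(A;OICI;0x1201ff;;;S-1-5-21-3515201088-327499479-2393324921-41357)"
          "(A;OICI;0x1301bf;;;S-1-5-21-3515201088-327499479-2393324921-41358)"
          "(A;OICIID;FA;;;SY)")

# SDDL file-rights abbreviations and the access masks they stand for.
RIGHTS = {"FA": 0x1F01FF, "FR": 0x120089, "FW": 0x120116, "FX": 0x1200A0}
DELETE, FILE_DELETE_CHILD = 0x10000, 0x40


def parse_mask(rights):
    """Turn an ACE rights field (hex or abbreviations) into an access mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for token in re.findall("..", rights):
        mask |= RIGHTS[token]  # KeyError on abbreviations not listed above
    return mask


def parse_dacl(sddl):
    """Return (dacl_flags, aces) for the D: component of an SDDL string."""
    m = re.search(r"D:([A-Z]*)((?:\([^)]*\))+)", sddl)
    if not m:
        raise ValueError("no DACL found")
    aces = []
    for body in re.findall(r"\(([^)]*)\)", m.group(2)):
        ace_type, flags, rights, _obj, _inh_obj, trustee = body.split(";")[:6]
        flag_set = set(re.findall("..", flags))
        mask = parse_mask(rights)
        scope = [] if "IO" in flag_set else ["this folder"]  # IO = inherit only
        if "CI" in flag_set:
            scope.append("subfolders")
        if "OI" in flag_set:
            scope.append("files")
        aces.append({"type": ace_type, "trustee": trustee, "mask": mask,
                     "inherited": "ID" in flag_set,  # copied down from a parent
                     "applies_to": scope,
                     "delete": bool(mask & DELETE),
                     "delete_child": bool(mask & FILE_DELETE_CHILD)})
    return m.group(1), aces


if __name__ == "__main__":
    for ace in parse_dacl(SAMPLE)[1]:
        print(ace)
```

An ACE carrying IO in addition to OI and CI drops "this folder" from its scope, so it takes effect only on the children that inherit it.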

