2.2.2.21.3.3 ComponentSACL

Article
04/23/2024

The ComponentSACL type represents a SACL in a component-related security descriptor.

A field of this type MUST be an ACL as specified in [MS-DTYP] section 2.4.5. Furthermore, the following restrictions apply to the Ace fields:

There SHOULD be at most one Ace field, which if present SHOULD be a ComponentMandatoryLabelACE (section 2.2.2.21.2.5) type.
Duplicate ComponentMandatoryLabelACE fields are not meaningful and SHOULD NOT be present.

Other ACE types are not meaningful and SHOULD NOT be present.