ACL Technology Overview

The classes in the System.Security.AccessControl namespace allow you to programmatically create or modify discretionary access control lists (DACLs) and system access control lists (SACLs) for a number of protected resources such as files, folders, and so on. DACLs allow you to programmatically control access to protected resources, while SACLs allow you to programmatically control system auditing policies of protected resources. For example, you can use the DACL classes to make sure that only an administrator can read a file; you can use the SACL classes to make sure that all successful attempts to open the file are logged.

The topics in this section describe the concepts and techniques that allow you to build ACL functionality into your applications.

Technology Summary for ACLs

Summarizes ACL concepts and the use of classes in the System.Security.AccessControl namespace.

ACL Technology Architecture

Explains the architecture of ACL classes that are used to enforce access control and audit rules.

ACL Technology Scenarios

Describes the most common scenarios in which ACL classes are used

ACL Propagation Rules

Describes the rules used to propagate ACLs to folders and files contained within a target folder.


Provides reference documentation for the System.Security.AccessControl namespace, which provides a managed implementation of the Windows ACL interface.

Security in the .NET Framework

Provides links to security topics in the .NET Framework, including topics for code access security, role-based security, and cryptography.