Security Descriptor Definition Language

Article
01/07/2021

The security descriptor definition language (SDDL) defines the string format that the ConvertSecurityDescriptorToStringSecurityDescriptor and ConvertStringSecurityDescriptorToSecurityDescriptor functions use to describe a security descriptor as a text string. The language also defines string elements for describing information in the components of a security descriptor.

Note

Conditional access control entries (ACEs) have a different SDDL format than other ACE types. For ACEs, see ACE Strings. For conditional ACEs, see Security Descriptor Definition Language for Conditional ACEs.

Security Descriptor String Format
Security Descriptor Definition Language for Conditional ACEs
ACE Strings
SID Strings
[MS-DTYP]: Security Descriptor Description Language