Quantcast
Channel: Network Access Protection forum
Viewing all articles
Browse latest Browse all 1875

What is the logic behind the preferred order of ACEs inside a DACL?

$
0
0


In the book 'Engineering Information Security' by Stuart Jacobs, it's stated that the preferred order for ACEs inside an ACL is the following:

  • Explicit ACEs (access-denied/allowed) come first. Access-denied ACEs are placed before access-allowed ACEs.
  • Inherited ACEs are placed in the order in which they are inherited.
  • For each level of inherited ACEs, access-denied ACEs are placed before access-allowed ACEs.


Reading this has made me wonder, why should access-denied ACEs always come before access-allowed ones? Is it just to match the way the authentication algorithm works? And if so, is there any particular reason for why the access-denied ACEs are checked first?

Thanks in advance.





Viewing all articles
Browse latest Browse all 1875

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>