Sun Identity Manager 8.1 Resources Reference

Managing ACL Lists

The nTSecurityDescriptor and the msExchMailboxSecurityDescriptor attribute values contain ACL lists that you must specify in a special way.

For example, the following shows a user form a company might use to assign a default set of permissions to each user they provision:

<Field name=’attributes[AD].nTSecurityDescriptor’ hidden=’true’>
        <s>Domain Admins|983551|0|0|NULL|NULL</s>
        <s>NT AUTHORITY\SYSTEM|983551|0|0|NULL|NULL</s>
         <s>Account Operators|983551|0|0|NULL|NULL</s>
         <s>NT AUTHORITY\Authenticated Users|131220|0|0|NULL|NULL</s>
        <s>NT AUTHORITY\Authenticated Users|256|5|0|
         <s>NT AUTHORITY\SELF|131220|0|0|NULL|NULL</s>

The entries in the nTSecurityDescriptor list are in the following format:



The best method in which to find the correct string to pass down, is to do the following: