Inheritance

Inheritance is the process that propagates ACEs in a parent object's ACL to a child object's ACL. In Windows 2000, inheritable ACEs can be propagated from parent to child when one of the following events takes place:

  • A new child object is created

  • The DACL on the parent object is modified

  • The SACL on the parent object is modified

In this scheme, any object can be the child of another object. Only container objects can be parents. And, just as in human genetics a parent can carry recessive traits that are not evident in the parent, so it is in Windows 2000. The ACL for a container object can carry ACEs that are not effective on the container but are present only for the purpose of inheritance—only so that they can be passed down to subsequent generations of objects until they reach a noncontainer child object, where they become effective ACEs.

The mechanism for inheritance depends on two things: a set of inheritance flags in each ACE and a set of inheritance rules built into the operating system.