FormattedSDDLText
A database field of the FormattedSDDLText data type holds a text string that describes a security descriptor using valid security descriptor definition language (SDDL.) This data type is used by the SDDLText field of the MsiLockPermissionsEx Table to secure a selected object. Note that the SDDLText field of the MsiLockPermissionsEx Table does not support private or public properties.
Windows Installer 4.5 or earlier: Not supported. This data type is available beginning with Windows Installer 5.0.
The FormattedSDDLText data type can hold a SDDL string written in valid Security Descriptor String Format. For more information about SDDL, see the Access Control section of the Microsoft Windows Software Development Kit (SDK). In addition, a FormattedSDDLText text string can use angle brackets (<>) to contain the domain and user name of the user whose account SID is to be determined.
If the user having user name SampleUser belongs to a domain named SampleDomain, then the FormattedSDDLText value can identify the owner using the SID string, the user name and domain name, or the Windows environment variables. For example, the following strings would be possible.
- O:*owner\_sid\_string*G:BAD:(D;OICI;GA;;;BG)(A;OICI;GRGWGX;;;*owner\_sid\_string*)(A;OICI;GA;;;BA)S:ARAI(AU;SAFA;FA;;;WD)
O:<*SampleDomain\\SampleUser*>G:BAD:(D;OICI;GA;;;BG)(A;OICI;GRGWGX;;;<*SampleDomain\\SampleUser*>)(A;OICI;GA;;;BA)S:ARAI(AU;SAFA;FA;;;WD)
O:<\[%USERDOMAIN\]\\\[%USERNAME\]>G:BAD:(D;OICI;GA;;;BG)(A;OICI;GRGWGX;;;<\[%USERDOMAIN\]\\\[%USERNAME\]>)(A;OICI;GA;;;BA)S:ARAI(AU;SAFA;FA;;;WD)
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for