Access control
Concept
Access control overview
How the KACS pieces fit together from a developer's seat — identities, tokens, security descriptors, and access checks — and which part of the SDK you reach for.
How-toWorking with tokens
Answer "who am I?", "who is calling me?", and "act as someone else" with the KACS token API — opening tokens, peer identity over sockets, impersonation, and dropping privilege.
How-toChecking access
Make an authorisation decision end to end — build a security descriptor, run an access check against a token, and interpret the granted mask.
How-toSecuring files
Open files the native KACS way, and read and write a file's security descriptor by path or by fd.
How-toHardening a process
Turn on process mitigations to harden your program, and understand the one-way, fail-closed semantics.