Access decisions
AccessCheck is the function that decides whether a request gets through. It takes a token, an object's security descriptor, and a desired access mask, and runs a multi-stage pipeline to produce a granted mask. This page is the map for the pipeline — every stage, every input, every place an access can be lost or recovered.
Concept: Mandatory integrity control (MIC) gates access by integrity level — a numeric trust axis that runs Untrusted, Low, Medium, High, System. The object carries an integrity level via its SACL; the token carries one of its own; the access check compares them before walking the DACL. This page covers the levels, the policy bits, and what MIC does and does not constrain.
Concept: Several privileges modify what the access check decides. This page covers where each AccessCheck-influencing privilege fires in the pipeline, what bits it grants, what it does not bypass, and how its grant is recorded for audit.
Concept: Three layers of the access check can narrow what the DACL plus privileges granted — the restricted-token pass, confinement, and central access policies. Each is a strict intersection. This page covers the three layers in their pipeline order, the rules for what bypasses each one, and how they compose.
How-to: An access was denied and you need to know why. This page is the systematic walk through the access-check pipeline that finds the answer — what to inspect, in what order, and what each finding means.