FormattedSDDLText

Windows Installer

FormattedSDDLText

A database field of the FormattedSDDLText data type holds a text string that describes a security descriptor using valid security descriptor definition language (SDDL.) This data type is used by the SDDLText field of the MsiLockPermissionsEx Table to secure a selected object.

Windows Installer 4.5 or earlier:  Not supported. This datatype is available beginning with Windows Installer 5.0.

The FormattedSDDLText data type can hold a SDDL string written in valid Security Descriptor String Format. For more information about SDDL, see the Access Control section of the Microsoft Windows Software Development Kit (SDK). In addition, a FormattedSDDLText text string can use angle brackets (<>) to contain the domain and username of the user whose account SID is to be determined.

If the user having user name SampleUser belongs to a domain named SampleDomain, then the FormattedSDDLText value can identify the owner using the SID string, the user name and domain name, or the Windows environment variables. For example, the following strings would be possible.

O:owner_sid_stringG:BAD:(D;OICI;GA;;;BG)(A;OICI;GRGWGX;;;owner_sid_string)(A;OICI;GA;;;BA)S:ARAI(AU;SAFA;FA;;;WD)
O:<SampleDomain\SampleUser>G:BAD:(D;OICI;GA;;;BG)(A;OICI;GRGWGX;;;<SampleDomain\SampleUser>)(A;OICI;GA;;;BA)S:ARAI(AU;SAFA;FA;;;WD)
O:<[%USERDOMAIN]\[%USERNAME]>G:BAD:(D;OICI;GA;;;BG)(A;OICI;GRGWGX;;;<[%USERDOMAIN]\[%USERNAME]>)(A;OICI;GA;;;BA)S:ARAI(AU;SAFA;FA;;;WD)

Build date: 8/13/2009

© 2009 Microsoft Corporation. All rights reserved.