Access check simulator

Step through a simplified DACL vs token decision — same rules as the real algorithm, fewer edge cases.

Topic: access-checks-srm Topic: descriptors-acls Topic: token

1. Token identity

Standard userAdministrator (elevated)Local System

2. DACL (simplified)

ALLOW AU → Read, Execute
ALLOW BA → Read, Write, Execute, Delete
DENY BU → Write, Delete

3. Requested access

SRM decision (educational)

Granted: Read

Denied: Write

Token: Standard user [BU, AU]
Requested: Read, Write
ALLOW Read — ACE matches AU
DENY Write — ACE matches BU