Access Token
Describes what a user can and cannot access.
Small repository of information that accompanies a process (e.g., request to open a file).
- Security ID: user’s logon name
- Group IDs: groups to which the user belongs
- Privileges: special services the user can use (usually none)
- Default owner: default owner of the objects created by the user (usually the owner)
- Primary Group: group of security IDs that can use the object
- Default ACL: default list of groups and individual users and their r/w/x privileges over user-owned objects.