This overview describes the low-level security functions for working with security descriptors, access-control lists (ACLs), and access-control entries (ACEs).
The access control model is basically the same for all versions of Windows NT. For a description of the model, see Access-Control Model.