Security Descriptor Definition Language

The security descriptor definition language (SDDL) defines the string format that the ConvertSecurityDescriptorToStringSecurityDescriptor and ConvertStringSecurityDescriptorToSecurityDescriptor functions use to describe a security descriptor as a text string. The language also defines string elements for describing information in the components of a security descriptor.

Security Descriptor String Format

Security Descriptor Definition Language for Conditional ACEs

ACE Strings

SID Strings

[MS-DTYP]: Security Descriptor Description Language