The "type" of the ACL acquired is set to 0 for both "group" and "user."

[ki-suzuki]

When crawling an SMB file server, the type of ACL (Access Control List) being retrieved for both groups and users appears to be set to 0. Is this correct?

[ki-suzuki]

Here are some details.

group metadata aquired

collector.acl.smb[0].accountName =
collector.acl.smb[0].ace = Deny  S-1-5-... 0x000200A9 Direct    This folder only
collector.acl.smb[0].domainName =
collector.acl.smb[0].domainSid = S-1-5-...
collector.acl.smb[0].sid = S-1-5-...
collector.acl.smb[0].sidAsText = S-1-5-...
collector.acl.smb[0].type = 0
collector.acl.smb[0].typeAsText = 0

user metadata aquired

collector.acl.smb[1].accountName =
collector.acl.smb[1].ace = Allow S-1-5-... 0x001F01FF Inherited This folder only
collector.acl.smb[1].domainName =
collector.acl.smb[1].domainSid = S-1-5-...
collector.acl.smb[1].sid = S-1-5-...
collector.acl.smb[1].sidAsText = S-1-5-...
collector.acl.smb[1].type = 0
collector.acl.smb[1].typeAsText = 0

[sakanaosama]

It should only reflect the ACI type, either Allowed or Denied. Do you realize that it is not accurate to the value?