In a SACL, the entry specifies which security events to audit for a particular user or group or controls the Windows Integrity Level for the object.