A definition: SELF or Principal SELF is a placeholder in an ACE on a user, group, or computer object in Active Directory. When you grant permissions to Principal Self, you grant them to the security principal represented by the object. During an access check, the operating system replaces the SID for Principal Self with the SID for the security principal represented by the object..

AD built-in groups and users : http://ss64.com/nt/syntax-security_groups.html

AD security descriptors: http://www.selfadsi.org/deep-inside/ad-security-descriptors.htm

In french: http://www.ssi.gouv.fr/IMG/pdf/Audit_des_permissions_en_environnement_Active_Directory_article.pdf