The ACCESS_MASK structure is one doubleword value containing standard, specific, and generic rights. These rights are used in access-control entries (ACEs) and are the primary means of specifying the requested or granted access to an object.
typedef DWORD ACCESS_MASK;
The bits in this value are allocated as follows:
|
Bits |
Meaning |
|
0 through 15 |
Specific rights. Contains the access mask specific to the object type associated with the mask. |
|
16 through 23 |
Standard rights. Contains the object’s standard access rights and can be a combination of the following predefined flags: |
|
Bit |
Flag |
Meaning | |
|
16 |
DELETE |
Delete access | |
|
17 |
READ_CONTROL |
Read access to the owner, group, and discretionary access-control list (ACL) of the security descriptor | |
|
18 |
WRITE_DAC |
Write access to the discretionary access-control list (ACL) | |
|
19 |
WRITE_OWNER |
Write access to owner | |
|
20 |
SYNCHRONIZE |
Windows NT: Synchronize access |
|
Bits |
Meaning |
|
24 |
Access system security (ACCESS_SYSTEM_SECURITY). This flag is not a typical access type. It is used to indicate access to a system ACL. This type of access requires the calling process to have a specific privilege. |
|
25 |
Maximum allowed (MAXIMUM_ALLOWED) |
|
26 through 27 |
Reserved |
|
28 |
Generic all (GENERIC_ALL) |
|
29 |
Generic execute (GENERIC_EXECUTE) |
|
30 |
Generic write (GENERIC_WRITE) |
|
31 |
Generic read (GENERIC_READ) |
The following constants represent the specific and standard access rights:
#define SPECIFIC_RIGHTS_ALL 0x0000FFFF #define STANDARD_RIGHTS_REQUIRED 0x000F0000 #define STANDARD_RIGHTS_ALL 0x001F0000