typedef DWORD ACCESS_MASK;
The ACCESS_MASK data structure is a single longword value containing the standard rights, specific rights, and generic rights found in the access and audit/alarm access control entries (ACEs). It is also used as the primary means of specifying desired or granted access to an object.
The bits in this longword value are allocated as follows:
| Bits | Meaning |
| 0 through 15 | Specific rights. Contains the access mask that is specific to the object type associated with the mask. | ||
| 16 through 23 | Standard rights. Contains the object's standard access rights and can be a combination of the following predefined flags: | ||
| Bit | Meaning | ||
| 16 | DELETE | ||
| 17 | READ_CONTROL | ||
| 18 | WRITE_DAC | ||
| 19 | WRITE_OWNER | ||
| 20 | SYNCHRONIZE | ||
| 24 | Access system security | ||
| 25 | Maximum allowed | ||
| 26 through 27 | Reserved | ||
| 28 | Generic all | ||
| 29 | Generic execute | ||
| 30 | Generic write | ||
| 31 | Generic read | ||
Where:
| AccessSystemSecurity | Contains a boolean flag indicating access to a system ACL is desired. |
| Note that AccessSystemSecurity access type is not a normal access type. It is used to indicate access to a system ACL is desired. This type of access requires the caller have a specific privilege, rather than pass discretionary access control. | |
| MaximumAllowed | Indicates the user wishes to be granted the maximum access to an object that the protection on that object will allow. |
| GenericAll | Contains a boolean flag indicating the access mask specifies all defined access types. |
| GenericExecute | Contains a boolean flag indicating the access mask specifies generic execute right. |
| GenericWrite | Contains a boolean flag indicating the access mask specifies generic write right. |
| GenericRead | Contains a boolean flag indicating the access mask specifies generic read right. |
The following constants are provided for manipulating access masks:
#define SPECIFIC_RIGHTS_ALL 0x0000FFFF
#define DELETE 0x00010000
#define READ_CONTROL 0x00020000
#define WRITE_DAC 0x00040000
#define WRITE_OWNER 0x00080000
#define STANDARD_RIGHTS_REQUIRED 0x000F0000
#define SYNCHRONIZE 0x00100000
#define ACCESS_SYSTEM_SECURITY 0x01000000
#define MAXIMUM_ALLOWED 0x02000000
#define GENERIC_ALL 0x10000000
#define GENERIC_EXECUTE 0x20000000
#define GENERIC_WRITE 0x40000000
#define GENERIC_READ 0x80000000