| Platform SDK: Access Control |
The ACCESS_MASK structure is one doubleword value containing standard, specific, and generic rights. These rights are used in access-control entries (ACEs) and are the primary means of specifying the requested or granted access to an object.
typedef DWORD ACCESS_MASK;
The bits in this value are allocated as follows.
| Bits | Meaning | ||
|---|---|---|---|
| 0 through 15 | Specific rights. Contains the access mask specific to the object type associated with the mask. | ||
| 16 through 23 | Standard rights. Contains the object's standard access rights and can be a combination of the following predefined flags: | ||
| Bit | Flag | Meaning | |
| 16 | DELETE | Delete access | |
| 17 | READ_CONTROL | Read access to the owner, group, and discretionary access-control list (ACL) of the security descriptor | |
| 18 | WRITE_DAC | Write access to the discretionary access-control list (ACL) | |
| 19 | WRITE_OWNER | Write access to owner | |
| 20 | SYNCHRONIZE | Windows NT/2000: Synchronize access | |
| Bits | Meaning | ||
| 24 | Access system security (ACCESS_SYSTEM_SECURITY). This flag is not a typical access type. It is used to indicate access to a system ACL. This type of access requires the calling process to have a specific privilege. | ||
| 25 | Maximum allowed (MAXIMUM_ALLOWED) | ||
| 26 through 27 | Reserved | ||
| 28 | Generic all (GENERIC_ALL) | ||
| 29 | Generic execute (GENERIC_EXECUTE) | ||
| 30 | Generic write (GENERIC_WRITE) | ||
| 31 | Generic read (GENERIC_READ) | ||
The following constants represent the specific and standard access rights:
#define SPECIFIC_RIGHTS_ALL 0x0000FFFF #define STANDARD_RIGHTS_REQUIRED 0x000F0000 #define STANDARD_RIGHTS_ALL 0x001F0000
Windows NT/2000: Requires Windows NT 3.1 or later.
Header: Declared in Winnt.h; include Windows.h.
Access Control Overview, Access Control Structures, GENERIC_MAPPING, Access Rights and Access Masks