Platform SDK: Access Control |
Each type of securable object has a set of access rights that correspond to operations specific to that type of object. In addition to these object-specific access rights, there is a set of standard access rights that correspond to operations common to most types of securable objects.
The Windows NT access mask format includes a set of bits for the standard access rights. The following table shows the Win32 constants defined for the standard access rights.
Constant | Meaning |
---|---|
DELETE | The right to delete the object. |
READ_CONTROL | The right to read the information in the object's security descriptor, not including the information in the SACL. |
SYNCHRONIZE | The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right. |
WRITE_DAC | The right to modify the DACL in the object's security descriptor. |
WRITE_OWNER | The right to change the owner in the object's security descriptor. |
The Win32 API also defines the following constants that are combinations of the standard access rights.
Constant | Meaning |
---|---|
STANDARD_RIGHTS_ALL | Combines DELETE, READ_CONTROL, WRITE_DAC, WRITE_OWNER, and SYNCHRONIZE access. |
STANDARD_RIGHTS_EXECUTE | Currently defined to equal READ_CONTROL. |
STANDARD_RIGHTS_READ | Currently defined to equal READ_CONTROL. |
STANDARD_RIGHTS_REQUIRED | Combines DELETE, READ_CONTROL, WRITE_DAC, and WRITE_OWNER access. |
STANDARD_RIGHTS_WRITE | Currently defined to equal READ_CONTROL. |