Platform SDK: Access Control

Standard Access Rights

Each type of securable object has a set of access rights that correspond to operations specific to that type of object. In addition to these object-specific access rights, there is a set of standard access rights that correspond to operations common to most types of securable objects.

The Windows NT access mask format includes a set of bits for the standard access rights. The following table shows the Win32 constants defined for the standard access rights.

Constant Meaning
DELETE The right to delete the object.
READ_CONTROL The right to read the information in the object's security descriptor, not including the information in the SACL.
SYNCHRONIZE The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right.
WRITE_DAC The right to modify the DACL in the object's security descriptor.
WRITE_OWNER The right to change the owner in the object's security descriptor.

The Win32 API also defines the following constants that are combinations of the standard access rights.

Constant Meaning
STANDARD_RIGHTS_ALL Combines DELETE, READ_CONTROL, WRITE_DAC, WRITE_OWNER, and SYNCHRONIZE access.
STANDARD_RIGHTS_EXECUTE Currently defined to equal READ_CONTROL.
STANDARD_RIGHTS_READ Currently defined to equal READ_CONTROL.
STANDARD_RIGHTS_REQUIRED Combines DELETE, READ_CONTROL, WRITE_DAC, and WRITE_OWNER access.
STANDARD_RIGHTS_WRITE Currently defined to equal READ_CONTROL.