MDAC 2.5 SDK - Technical Articles
OLE DB defines the following #define constants for bits within the ACCESS_MASK structure. The ACCESS_MASK structure is passed in as the grfAccessPermissions element in the EXPLICIT_ACCESS structure. The EXPLICIT_ACCESS structure is used in several of the methods of the IObjectAccessControl interface.
| Bit | Permission | OLE DB Constant (#define) | ACCESS_MASK Constant |
|---|---|---|---|
| 0–7 | reserved | N/A | N/A¹ |
| 8 | Drop | PERM_DROP | N/A¹ |
| 9 | Exclusive | PERM_EXCLUSIVE | N/A¹ |
| 10 | Read Design | PERM_READDESIGN | N/A¹ |
| 11 | Write Design | PERM_WRITEDESIGN | N/A¹ |
| 12 | With Grant | PERM_WITHGRANT | N/A¹ |
| 13 | Reference | PERM_REFERENCE | N/A¹ |
| 14 | Create | PERM_CREATE | N/A¹ |
| 15 | Insert | PERM_INSERT | N/A¹ |
| 16 | Delete | PERM_DELETE | DELETE |
| 17 | Read Control | PERM_READCONTROL | READ_CONTROL |
| 18 | Write Permissions | PERM_WRITEPERMISSIONS | WRITE_DAC |
| 19 | Set Owner | PERM_WRITEOWNER | WRITE_OWNER |
| 20–24 | N/A² | N/A² | N/A² |
| 25 | Max Allowed | PERM_MAXIMUM_ALLOWED | MAXIMUM_ALLOWED |
| 26–27 | reserved² | N/A² | N/A² |
| 28 | All | PERM_ALL | GENERIC_ALL |
| 29 | Execute | PERM_EXECUTE | GENERIC_EXECUTE |
| 30 | Update | PERM_UPDATE | GENERIC_WRITE |
| 31 | Read | PERM_READ | GENERIC_READ |
¹ The ACCESS_MASK structure assigns bits 0 through 15 to rights specific to the object. OLE DB currently uses only bits 8 through 15 for specific rights.

² See the Access Control section of the Microsoft Platform SDK for ACCESS_MASK assignments for these bits in the structure, and see this guide's Appendix for a comparison with COM and the Platform SDK security functions.
These permissions are defined as described in the following table.
| Permission | Definition |
|---|---|
| Drop | Permission to delete or drop an object. |
| Exclusive | Permission to open an object exclusively. |
| Read Design | Permission to see object definitions. |
| Write Design | Permission to modify object definitions. |
| With Grant | Permission to grant permissions to others (WITH GRANT OPTION used). |
| Reference | Permission to add references from other tables to this table. For example, ORDERS and ORDER_DETAIL are created and owned by two different trustees. The owner of the ORDERS table must grant Reference permission to the owner of the ORDER_DETAIL table to enable the owner of the ORDER_DETAIL table to create a reference to the "OrderID" column of the ORDERS table. |
| Create | Permission to create new objects. This permission applies to container objects. |
| Insert | Permission to add new elements to objects (such as rows to a rowset). |
| Delete | Permission to remove elements from objects (such as rows from a rowset). |
| Read Control | Permission to read permissions and object metadata. |
| Write Permissions | Permission to grant or revoke privileges. |
| Set Owner | Permission to modify object owners. |
| Max Allowed | Maximum permission granted or possible. |
| All | Permission to execute, update, and read. |
| Execute | Permission to execute an object method. |
| Update | Permission to modify object data. |
| Read | Permission to read object data. |
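
The following added example (not code from the MDAC SDK) shows how the two tables can be used to review a `grfAccessPermissions` value: it names the OLE DB bits that are set, reports reserved bits, and singles out the rights that change who holds access. The function names and the `B()` macro are hypothetical, the mask values are derived from the Bit column above rather than from the OLE DB headers, and the set of rights flagged for review is this example's own choice.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Masks derived from the Bit column of the table (1 << bit); production
   code takes the PERM_* values from the OLE DB headers instead. */
#define B(n) ((uint32_t)1u << (n))
static const struct { uint32_t bit; const char *name; } PERMS[] = {
    {B(8),  "PERM_DROP"},             {B(9),  "PERM_EXCLUSIVE"},
    {B(10), "PERM_READDESIGN"},       {B(11), "PERM_WRITEDESIGN"},
    {B(12), "PERM_WITHGRANT"},        {B(13), "PERM_REFERENCE"},
    {B(14), "PERM_CREATE"},           {B(15), "PERM_INSERT"},
    {B(16), "PERM_DELETE"},           {B(17), "PERM_READCONTROL"},
    {B(18), "PERM_WRITEPERMISSIONS"}, {B(19), "PERM_WRITEOWNER"},
    {B(25), "PERM_MAXIMUM_ALLOWED"},  {B(28), "PERM_ALL"},
    {B(29), "PERM_EXECUTE"},          {B(30), "PERM_UPDATE"},
    {B(31), "PERM_READ"},
};

/* Bits 0-7 and 26-27, which the table marks reserved. */
uint32_t reserved_bits(uint32_t m) { return m & (0xFFu | B(26) | B(27)); }

/* With Grant, Write Permissions, Set Owner, Max Allowed, All (assumed review set). */
uint32_t review_bits(uint32_t m) { return m & (B(12)|B(18)|B(19)|B(25)|B(28)); }

/* Expand All into Execute, Update and Read, per the definitions table. */
uint32_t expand_all(uint32_t m) { return (m & B(28)) ? (m | B(29) | B(30) | B(31)) : m; }

/* Write '|'-separated names of the OLE DB bits set in m into out; returns the count. */
int describe_mask(uint32_t m, char *out, size_t outlen) {
    int n = 0;
    if (!out || !outlen) return 0;
    out[0] = '\0';
    for (size_t i = 0; i < sizeof PERMS / sizeof PERMS[0]; i++) {
        if (!(m & PERMS[i].bit)) continue;
        size_t used = strlen(out);   /* snprintf truncates safely at outlen */
        snprintf(out + used, outlen - used, "%s%s", n++ ? "|" : "", PERMS[i].name);
    }
    return n;
}

int main(void) {
    /* Constructed sample: Read + Insert + With Grant, plus stray reserved bit 3. */
    uint32_t m = B(31) | B(15) | B(12) | B(3);
    char names[256];
    describe_mask(expand_all(m), names, sizeof names);
    printf("0x%08X: %s reserved=0x%X review=0x%X\n", (unsigned)m, names,
           (unsigned)reserved_bits(m), (unsigned)review_bits(m));
    return 0;
}
```

Bits 20–24 are left unnamed here because the table gives no OLE DB constant for them.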