2.2.1.1.2 ACCESS_MASK for Policy Objects
The following ACCESS_MASK flags apply to policy objects.
|
Value |
Meaning |
|---|---|
|
0x00000000 |
No access. |
|
POLICY_VIEW_LOCAL_INFORMATION 0x00000001 |
Access to view local information. |
|
POLICY_VIEW_AUDIT_INFORMATION 0x00000002 |
Access to view audit information. |
|
POLICY_GET_PRIVATE_INFORMATION 0x00000004 |
Access to view private information. |
|
POLICY_TRUST_ADMIN 0x00000008 |
Access to administer trust relationships. |
|
POLICY_CREATE_ACCOUNT 0x00000010 |
Access to create account objects. |
|
POLICY_CREATE_SECRET 0x00000020 |
Access to create secret objects. |
|
POLICY_CREATE_PRIVILEGE 0x00000040 |
Access to create privileges. Note New privilege creation is not currently a part of the protocol, so this flag is not actively used. |
|
POLICY_SET_DEFAULT_QUOTA_LIMITS 0x00000080 |
Access to set default quota limits. Note Quota limits are not currently a part of the protocol, so this flag is not actively used. |
|
POLICY_SET_AUDIT_REQUIREMENTS 0x00000100 |
Access to set audit requirements. |
|
POLICY_AUDIT_LOG_ADMIN 0x00000200 |
Access to administer the audit log. |
|
POLICY_SERVER_ADMIN 0x00000400 |
Access to administer policy on the server. |
|
POLICY_LOOKUP_NAMES 0x00000800 |
Access to translate names and security identifiers (SIDs). |
|
POLICY_NOTIFICATION 0x00001000 |
Access to be notified of policy changes.<11> |