2.2.3.1 Access Values

The following table lists access level values that a print client can specify when opening a print job object, port object, printer object, or print server object. The type of object that an access value applies to is indicated in its name, as follows:

  • Access values that are named starting with "JOB" are used for opening print job objects.

  • Access values that are named starting with "PRINTER" are used for opening printer objects and port objects.

  • Access values that are named starting with "SERVER" are used for opening print server objects.

The ACCESS_MASK data type ([MS-DTYP] section 2.4.3) specifies standard access rights and reserves a range of values for protocol-specific use. The following table defines printing-specific access rights in the reserved range and in combination with standard access rights. For more information concerning access rights, see [MS-AZOD] section 1.1.1.5.

For completeness, the table lists all defined access values and identifies those that MUST NOT be used with the Print System Remote Protocol.

Name/value

Description

JOB_ACCESS_ADMINISTER

0x00000010

Printing-specific authorization to cancel, pause, resume, or restart the job ([MS-DTYP] ACCESS_MASK Bit 27).

JOB_ACCESS_READ

0x00000020

Printing-specific read rights for the spool file ([MS-DTYP] ACCESS_MASK Bit 26).<129>

JOB_EXECUTE

0x00020010

Access rights for jobs combining RC (Read Control) of ACCESS_MASK with printing-specific JOB_ACCESS_ADMINISTER.

This value MUST NOT be passed over the wire. If it is, the server SHOULD return ERROR_ACCESS_DENIED.

JOB_READ

0x00020020

Access rights for jobs combining RC (Read Control) of ACCESS_MASK with printing-specific JOB_ACCESS_READ.

JOB_WRITE

0x00020010

Access rights for jobs combining RC (Read Control) of ACCESS_MASK with printing-specific JOB_ACCESS_ADMINISTER.

This value MUST NOT be passed over the wire. If it is, the server SHOULD return ERROR_ACCESS_DENIED.

JOB_ALL_ACCESS

0x000F0030

Access rights for printers to perform all administrative tasks and basic printing operations except SYNCHRONIZE ([MS-DTYP] ACCESS_MASK Bit 'SY'). Combines STANDARD_RIGHTS_REQUIRED (ACCESS_MASK Bits 'RC', 'DE', 'WD', 'WO'), JOB_ACCESS_ADMINISTER (ACCESS_MASK Bit 27), and JOB_ACCESS_READ (ACCESS_MASK Bit 26).

PRINTER_ACCESS_ADMINISTER

0x00000004

Printing-specific access rights for printers to perform administrative tasks ([MS-DTYP] ACCESS_MASK Bit 29).

PRINTER_ACCESS_USE

0x00000008

Printing-specific access rights for printers to perform basic printing operations ([MS-DTYP] ACCESS_MASK Bit 28).

PRINTER_ACCESS_MANAGE_LIMITED

0x00000040

Printing-specific access rights for printers to perform printer data management operations ([MS-DTYP] ACCESS_MASK Bit 25).<130>

PRINTER_ALL_ACCESS

0x000F000C

Access rights for printers to perform all administrative tasks and basic printing operations except synchronization. Combines WO (Write Owner), WD (Write DACL), RC (Read Control), and DE (Delete) of ACCESS_MASK with printing-specific PRINTER_ACCESS_ADMINISTER and printing-specific PRINTER_ACCESS_USE.

PRINTER_EXECUTE

0x00020008

Access rights for printers combining RC (Read Control) of ACCESS_MASK with printing-specific PRINTER_ACCESS_USE.

PRINTER_READ

0x00020008

Access rights for printers combining RC (Read Control) of ACCESS_MASK with printing-specific PRINTER_ACCESS_USE.

PRINTER_WRITE

0x00020008

Access rights for printers combining RC (Read Control) of ACCESS_MASK with printing-specific PRINTER_ACCESS_USE.

SERVER_ACCESS_ADMINISTER

0x00000001

Printing-specific access rights to administer print servers ([MS-DTYP] ACCESS_MASK Bit 31).

SERVER_ACCESS_ENUMERATE

0x00000002

Printing-specific access rights to enumerate print servers ([MS-DTYP] ACCESS_MASK Bit 30).

SERVER_ALL_ACCESS

0x000F0003

Access rights for print servers to perform all administrative tasks and basic printing operations except synchronization. Combines WO (Write Owner), WD (Write DACL), RC (Read Control), and DE (Delete) of ACCESS_MASK with printing-specific SERVER_ACCESS_ADMINISTER and printing-specific SERVER_ACCESS_ENUMERATE.

SERVER_EXECUTE

0x00020002

Access rights for print servers combining RC (Read Control) of ACCESS_MASK with printing-specific SERVER_ACCESS_ENUMERATE.

SERVER_READ

0x00020002

Access rights for print servers combining RC (Read Control) of ACCESS_MASK with printing-specific SERVER_ACCESS_ENUMERATE.

SERVER_WRITE

0x00020003

Access rights for print servers combining RC (Read Control) of ACCESS_MASK with printing-specific SERVER_ACCESS_ADMINISTER and printing-specific SERVER_ACCESS_ENUMERATE.

SPECIFIC_RIGHTS_ALL

0x0000FFFF

All specific rights.<131>

This value MUST NOT be passed over the wire. It SHOULD only be used locally, as a mask to determine the protocol-specific subset of access values.

STANDARD_RIGHTS_ALL

0x001F0000

Combines SY (Synchronize), WO (Write Owner), WD (Write DACL), RC (Read Control), and DE (Delete) of ACCESS_MASK.<132>

This value MUST NOT be passed over the wire. It SHOULD only be used locally, as a mask to determine the standard set of access values.

STANDARD_RIGHTS_EXECUTE

0x00020000

Standard rights, set to RC (Read Control) of ACCESS_MASK.

STANDARD_RIGHTS_READ

0x00020000

Standard read rights, set to RC (Read Control) of ACCESS_MASK.

STANDARD_RIGHTS_REQUIRED

0x000F0000

Standard rights, combines WO (Write Owner), WD (Write DACL), RC (Read Control), and DE (Delete) of ACCESS_MASK.

STANDARD_RIGHTS_WRITE

0x00020000

Standard write rights, set to RC (Read Control) of ACCESS_MASK.

SYNCHRONIZE

0x00100000

The right to use the object for synchronization, set to SY (Synchronize) of ACCESS_MASK.<133>

This value MUST NOT be passed over the wire. If it is, the server SHOULD return ERROR_ACCESS_DENIED.

DELETE

0x00010000

The right to delete an object, set to DE (Delete) of ACCESS_MASK.

READ_CONTROL

0x00020000

The right to read the information in the object's security descriptor, not including the information in the system access control list (SACL), set to RC (Read Control) of ACCESS_MASK.

WRITE_DAC

0x00040000

The right to modify the discretionary access control list (DACL) in the object's security descriptor, set to WD (Write DACL) of ACCESS_MASK.

WRITE_OWNER

0x00080000

The right to change the owner in the object's security descriptor, set to WO (Write Owner) of ACCESS_MASK.

GENERIC_READ

0x80000000

GR (Generic Read) of ACCESS_MASK:

For server object, access is mapped to SERVER_READ.

For printer object, access is mapped to PRINTER_READ.

For print job, access is mapped to JOB_READ.

GENERIC_WRITE

0x40000000

GW (Generic Write) of ACCESS_MASK:

For server object, access is mapped to SERVER_WRITE.

For printer object, access is mapped to PRINTER_WRITE.

For print job, access is mapped to JOB_WRITE.

GENERIC_EXECUTE

0x20000000

GX (Generic Execute) of ACCESS_MASK:

For server object, access is mapped to SERVER_EXECUTE.

For printer object, access is mapped to PRINTER_EXECUTE.

For print job, access is mapped to JOB_EXECUTE.

GENERIC_ALL

0x10000000

GA (Generic All) of ACCESS_MASK:

For server object, access is mapped to SERVER_ALL_ACCESS.

For printer object, access is mapped to PRINTER_ALL_ACCESS.

For print job, access is mapped to JOB_ALL_ACCESS.