CIFS Access Mask Encoding
The access mask is a 32-bit value containing specific, standard, and generic rights. These rights are used in access-control entries (ACEs) and are the primary means of specifying the requested or granted access to an object.
Specific rights
Values 0-15. These rights contain the access mask specific to the object type associated with the mask.
Standard rights
Values 16-23. These rights contain the object's standard access rights and can be a combination of the predefined standard rights flags.
Generic rights
Values 24-31. These rights contain the object's generic access rights and can be a combination of the predefined generic rights flags.
The following flags apply to specific and standard rights.
Flag | Description |
---|---|
DELETE 0x00010000 |
Delete access. |
READ_CONTROL 0x00020000 |
Read access to the owner, group, and discretionary access-control list (ACL) of the security descriptor. |
WRITE_DAC 0x00040000 |
Write access to ACL. |
WRITE_OWNER 0x00080000 |
Write access to owner. |
SYNCHRONIZER 0x00100000 |
Windows NT synchronize access. |
The following flags apply to generic rights.
Flag | Description |
---|---|
ACCESS_SYSTEM_SECURITY 24 |
Access system security. This flag is not a typical access type. It is used to indicate access to a system ACL. This type of access requires the calling process to have a specific privilege. |
MAXIMUM_ALLOWED 25 |
Maximum allowed. |
26-27 | Reserved. |
GENERIC_ALL 28 |
Generic all. |
GENERIC_EXECUTE 29 |
Generic execute. |
GENERIC_WRITE 30 |
Generic write. |
GENERIC_READ 31 |
Generic read. |