Edit

Share via

ACCESS_MASK

  • Article

The ACCESS_MASK data type is a DWORD value that defines standard, specific, and generic rights. These rights are used in access control entries (ACEs) and are the primary means of specifying the requested or granted access to an object.

typedef DWORD ACCESS_MASK;
typedef ACCESS_MASK* PACCESS_MASK;

Remarks

The bits in this value are allocated as follows.

Bits Meaning
0 15
 Specific rights. Contains the access mask specific to the object type associated with the mask.
16 23
 Standard rights. Contains the object's standard access rights.
24
 Access system security (ACCESS_SYSTEM_SECURITY). It is used to indicate access to a system access control list (SACL). This type of access requires the calling process to have the SE_SECURITY_NAME (Manage auditing and security log) privilege. If this flag is set in the access mask of an audit access ACE (successful or unsuccessful access), the SACL access will be audited.
25
 Maximum allowed (MAXIMUM_ALLOWED).
26 27
 Reserved.
28
 Generic all (GENERIC_ALL).
29
 Generic execute (GENERIC_EXECUTE).
30
 Generic write (GENERIC_WRITE).
31
 Generic read (GENERIC_READ).

Standard rights bits, 16 to 23, contain the object's standard access rights and can be a combination of the following predefined flags.

Bit Flag Meaning
16
 DELETE
 Delete access.
17
 READ_CONTROL
 Read access to the owner, group, and discretionary access control list (DACL) of the security descriptor.
18
 WRITE_DAC
 Write access to the DACL.
19
 WRITE_OWNER
 Write access to owner.
20
 SYNCHRONIZE
 Synchronize access.

The following constants defined in Winnt.h represent the specific and standard access rights.

#define DELETE                           (0x00010000L)
#define READ_CONTROL                     (0x00020000L)
#define WRITE_DAC                        (0x00040000L)
#define WRITE_OWNER                      (0x00080000L)
#define SYNCHRONIZE                      (0x00100000L)

#define STANDARD_RIGHTS_REQUIRED         (0x000F0000L)

#define STANDARD_RIGHTS_READ             (READ_CONTROL)
#define STANDARD_RIGHTS_WRITE            (READ_CONTROL)
#define STANDARD_RIGHTS_EXECUTE          (READ_CONTROL)

#define STANDARD_RIGHTS_ALL              (0x001F0000L)

#define SPECIFIC_RIGHTS_ALL              (0x0000FFFFL)

Requirements

Requirement Value
Minimum supported client
 Windows XP [desktop apps only]
Minimum supported server
 Windows Server 2003 [desktop apps only]
Header
Winnt.h (include Windows.h)

See also

Access Control

Basic Access Control Structures

Access Rights and Access Masks

GENERIC_MAPPING