File and Directory Access Rights Constants
WMI classes that represent files or directories, such as Win32_CodecFile or CIM_DataFile, contain an AccessMask property. This property contains bit settings that specify the access rights a user or group must have for specific access or operations on the file. For more information, see File Security and Access Rights and Changing Access Security on Securable Objects.
The file or directory classes which contain an AccessMask property include:
- CIM_DataFile
- CIM_Directory
- CIM_LogicalFile
- Win32_CodecFile
- Win32_Directory
- Win32_NTEventLogFile
- Win32_Share
- Win32_ShortcutFile
The following list lists the values for file and directory access rights in the AccessMask property. This property is a bitmap.
-
FILE_READ_DATA
-
-
1 (0x1)
-
Grants the right to read data from the file.
-
-
FILE_LIST_DIRECTORY
-
-
1 (0x1)
-
Grants the right to read data from the file. For a directory, this value grants the right to list the contents of the directory.
-
-
FILE_WRITE_DATA
-
-
2 (0x2)
-
Grants the right to write data to the file.
-
-
FILE_ADD_FILE
-
-
2 (0x2)
-
Grants the right to write data to the file. For a directory, this value grants the right to create a file in the directory.
-
-
FILE_APPEND_DATA
-
-
4 (0x4)
-
Grants the right to append data to the file. For a directory, this value grants the right to create a subdirectory.
-
-
FILE_ADD_SUBDIRECTORY
-
-
4 (0x4)
-
Grants the right to append data to the file. For a directory, this value grants the right to create a subdirectory.
-
-
FILE_READ_EA
-
-
8 (0x8)
-
Grants the right to read extended attributes.
-
-
FILE_WRITE_EA
-
-
16 (0x10)
-
Grants the right to write extended attributes.
-
-
FILE_EXECUTE
-
-
32 (0x20)
-
Grants the right to execute a file.
-
-
FILE_TRAVERSE
-
-
32 (0x20)
-
Grants the right to execute a file. For a directory, the directory can be traversed.
-
-
FILE_DELETE_CHILD
-
-
64 (0x40)
-
Grants the right to delete a directory and all the files it contains (its children), even if the files are read-only.
-
-
FILE_READ_ATTRIBUTES
-
-
128 (0x80)
-
Grants the right to read file attributes.
-
-
FILE_WRITE_ATTRIBUTES
-
-
256 (0x100)
-
Grants the right to change file attributes.
-
-
DELETE
-
-
65536 (0x10000)
-
Grants the right to delete the object.
-
-
READ_CONTROL
-
-
131072 (0x20000)
-
Grants the right to read the information in the security descriptor for the object, not including the information in the SACL.
-
-
WRITE_DAC
-
-
262144 (0x40000)
-
Grants the right to modify the DACL in the object security descriptor for the object.
-
-
WRITE_OWNER
-
-
524288 (0x80000)
-
Grants the right to change the owner in the security descriptor for the object.
-
-
SYNCHRONIZE
-
-
1048576 (0x100000)
-
Grants the right to use the object for synchronization. This enables a process to wait until the object is in signaled state. Some object types do not support this access right.
-
Requirements
| Requirement | Value |
|---|---|
| Header |
|