Skip to main content
ACCESS_MASK

The ACCESS_MASK data type is a DWORD value that defines standard, specific, and generic rights. These rights are used in access control entries (ACEs) and are the primary means of specifying the requested or granted access to an object.


typedef DWORD ACCESS_MASK;
typedef ACCESS_MASK* PACCESS_MASK;

Remarks

The bits in this value are allocated as follows.

BitsMeaning

0–15

Specific rights. Contains the access mask specific to the object type associated with the mask.

16–23

Standard rights. Contains the object's standard access rights.

24

Access system security (ACCESS_SYSTEM_SECURITY). It is used to indicate access to a system access control list (SACL). This type of access requires the calling process to have the SE_SECURITY_NAME (Manage auditing and security log) privilege. If this flag is set in the access mask of an audit access ACE (successful or unsuccessful access), the SACL access will be audited.

25

Maximum allowed (MAXIMUM_ALLOWED).

26–27

Reserved.

28

Generic all (GENERIC_ALL).

29

Generic execute (GENERIC_EXECUTE).

30

Generic write (GENERIC_WRITE).

31

Generic read (GENERIC_READ).

 

Standard rights bits, 16 to 23, contain the object's standard access rights and can be a combination of the following predefined flags.

BitFlagMeaning

16

DELETE

Delete access.

17

READ_CONTROL

Read access to the owner, group, and discretionary access control list (DACL) of the security descriptor.

18

WRITE_DAC

Write access to the DACL.

19

WRITE_OWNER

Write access to owner.

20

SYNCHRONIZE

Synchronize access.

 

The following constants defined in Winnt.h represent the specific and standard access rights.


#define DELETE                           (0x00010000L)
#define READ_CONTROL                     (0x00020000L)
#define WRITE_DAC                        (0x00040000L)
#define WRITE_OWNER                      (0x00080000L)
#define SYNCHRONIZE                      (0x00100000L)

#define STANDARD_RIGHTS_REQUIRED         (0x000F0000L)

#define STANDARD_RIGHTS_READ             (READ_CONTROL)
#define STANDARD_RIGHTS_WRITE            (READ_CONTROL)
#define STANDARD_RIGHTS_EXECUTE          (READ_CONTROL)

#define STANDARD_RIGHTS_ALL              (0x001F0000L)

#define SPECIFIC_RIGHTS_ALL              (0x0000FFFFL)

Requirements

Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

Header

Winnt.h (include Windows.h)

See also

Access Control
Basic Access Control Structures
Access Rights and Access Masks
GENERIC_MAPPING