Export (0) Print
Expand All

Namespace Access Rights Constants

WMI has security constants used for namespace access checking by __SystemSecurity::GetCallerAccessRights. For security information about access control lists (ACLs, DACLs, or SACLs), see Access Control Lists (ACLs) and Standard Access Rights.

Constant/valueDescription
WBEM_ENABLE
1 (0x1)

Enables the account and grants the user read permissions. This is a default access right for all users and corresponds to the Enable Account permission on the Security tab of the WMI Control. For more information, see Setting Namespace Security with the WMI Control.

WBEM_METHOD_EXECUTE
2 (0x2)

Allows the execution of methods. Providers can perform additional access checks. This is a default access right for all users and corresponds to the Execute Methods permission on the Security tab of the WMI Control.

WBEM_FULL_WRITE_REP
4 (0x4)

Allows a user account to write to classes in the WMI repository as well as instances. A user cannot write to system classes. Only members of the Administrators group have this permission. WBEM_FULL_WRITE_REP corresponds to the Full Write permission on the Security tab of the WMI Control.

WBEM_PARTIAL_WRITE_REP
8 (0x8)

Allows you to write data to instances only, not classes. A user cannot write classes to the WMI repository. Only members of the Administrators group have this right. WBEM_PARTIAL_WRITE_REP corresponds to the Partial Write permission on the Security tab of the WMI Control.

WBEM_WRITE_PROVIDER
16 (0x10)

Allows writing classes and instances to providers. Note that providers can do additional access checks when impersonating a user. This is a default access right for all users and corresponds to the Provider Write permission on the Security tab of the WMI Control.

WBEM_REMOTE_ACCESS
32 (0x20)

Allows a user account to remotely perform any operations allowed by the permissions described above. Only members of the Administrators group have this right. WBEM_REMOTE_ACCESS corresponds to the Remote Enable permission on the Security tab of the WMI Control.

READ_CONTROL
131072 (0x20000)

Allows you to read the namespace security descriptor. Only members of the Administrators group have this right. READ_CONTROL corresponds to the Read Security permission on the Security tab of the WMI Control.

WRITE_DAC
262144 (0x40000)

Allows you to change the discretionary access control list (DACL) on the namespace. Only members of the Administrators group have this right. WRITE_DAC corresponds to the Edit Security permission on the Security tab of the WMI Control.

Requirements

Minimum supported client

Windows Vista

Minimum supported server

Windows Server 2003

Header

Wbemcli.h

See also

WMI Security Constants
Securing WMI Namespaces
Access to WMI Namespaces
WMI Security Descriptor Objects
Changing Access Security on Securable Objects

 

 

Show:
© 2015 Microsoft