File and Directory Access Rights Constants

WMI classes that represent files or directories, such as Win32_CodecFile or CIM_DataFile, contain an AccessMask property. This property contains bit settings that specify the access rights a user or group must have for specific access or operations on the file. For more information, see File Security and Access Rights and Changing Access Security on Securable Objects.

The file or directory classes which contain an AccessMask property include:

The following list lists the values for file and directory access rights in the AccessMask property. This property is a bitmap.

FILE_READ_DATA

1 (0x1)

Grants the right to read data from the file.

FILE_LIST_DIRECTORY

1 (0x1)

Grants the right to read data from the file. For a directory, this value grants the right to list the contents of the directory.

FILE_WRITE_DATA

2 (0x2)

Grants the right to write data to the file.

FILE_ADD_FILE

2 (0x2)

Grants the right to write data to the file. For a directory, this value grants the right to create a file in the directory.

FILE_APPEND_DATA

4 (0x4)

Grants the right to append data to the file. For a directory, this value grants the right to create a subdirectory.

FILE_ADD_SUBDIRECTORY

4 (0x4)

Grants the right to append data to the file. For a directory, this value grants the right to create a subdirectory.

FILE_READ_EA

8 (0x8)

Grants the right to read extended attributes.

FILE_WRITE_EA

16 (0x10)

Grants the right to write extended attributes.

FILE_EXECUTE

32 (0x20)

Grants the right to execute a file.

FILE_TRAVERSE

32 (0x20)

Grants the right to execute a file. For a directory, the directory can be traversed.

FILE_DELETE_CHILD

64 (0x40)

Grants the right to delete a directory and all the files it contains (its children), even if the files are read-only.

FILE_READ_ATTRIBUTES

128 (0x80)

Grants the right to read file attributes.

FILE_WRITE_ATTRIBUTES

256 (0x100)

Grants the right to change file attributes.

DELETE

65536 (0x10000)

Grants the right to delete the object.

READ_CONTROL

131072 (0x20000)

Grants the right to read the information in the security descriptor for the object, not including the information in the SACL.

WRITE_DAC

262144 (0x40000)

Grants the right to modify the DACL in the object security descriptor for the object.

WRITE_OWNER

524288 (0x80000)

Grants the right to change the owner in the security descriptor for the object.

SYNCHRONIZE

1048576 (0x100000)

Grants the right to use the object for synchronization. This enables a process to wait until the object is in signaled state. Some object types do not support this access right.

Requirements

Requirement Value
Header
Winnt.h

See also

WMI Security Constants

Maintaining WMI Security