Access Rights and Access Masks
An access right is a bit flag that corresponds to a particular set of operations that a thread can perform on a securable object. For example, a registry key has the KEY_SET_VALUE access right, which corresponds to the ability of a thread to set a value under the key. If a thread tries to perform an operation on an object, but does not have the necessary access right to the object, the system does not carry out the operation.
An access mask is a 32-bit value whose bits correspond to the access rights supported by an object. All Windows securable objects use an access mask format that includes bits for the following types of access rights:
When a thread tries to open a handle to an object, the thread typically specifies an access mask to request a set of access rights. For example, an application that needs to set and query the values of a registry key can open the key by using an access mask to request the KEY_SET_VALUE and KEY_QUERY_VALUE access rights.
The following table shows the functions that manipulate the security information for each type of securable object.