2.2.1.1 Common ACCESS_MASK Values

These values specify an access control that is applicable to all object types exposed by this protocol. These values can appear in the Mask field of an access control entry (ACE) or in methods to obtain a handle (for example, SamrConnect5).

Constant/value

Description

DELETE

0x00010000

Specifies the ability to delete the object.

READ_CONTROL

0x00020000

Specifies the ability to read the security descriptor.

WRITE_DAC

0x00040000

Specifies the ability to update the discretionary access control list (DACL) of the security descriptor.

WRITE_OWNER

0x00080000

Specifies the ability to update the Owner field of the security descriptor.

ACCESS_SYSTEM_SECURITY

0x01000000

Specifies access to the system security portion of the security descriptor.

MAXIMUM_ALLOWED

0x02000000

Indicates that the caller is requesting the most access possible to the object.

For more information, see [MS-DTYP] section 2.4.3. Values that are not listed have no meaning in this protocol.