2.2.13.1.2 Directory_Access_Mask

The following SMB2 Access Mask flag values can be used when accessing a directory.


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

Directory_Access_Mask

Directory_Access_Mask (4 bytes): For a directory, the value MUST be constructed using the following values:

Value

Meaning

FILE_LIST_DIRECTORY

0x00000001

This value indicates the right to enumerate the contents of the directory.

FILE_ADD_FILE

0x00000002

This value indicates the right to create a file under the directory.

FILE_ADD_SUBDIRECTORY

0x00000004

This value indicates the right to add a sub-directory under the directory.

FILE_READ_EA

0x00000008

This value indicates the right to read the extended attributes of the directory.

FILE_WRITE_EA

0x00000010

This value indicates the right to write or change the extended attributes of the directory.

FILE_TRAVERSE

0x00000020

This value indicates the right to traverse this directory if the server enforces traversal checking.

FILE_DELETE_CHILD

0x00000040

This value indicates the right to delete the files and directories within this directory.

FILE_READ_ATTRIBUTES

0x00000080

This value indicates the right to read the attributes of the directory.

FILE_WRITE_ATTRIBUTES

0x00000100

This value indicates the right to change the attributes of the directory.

DELETE

0x00010000

This value indicates the right to delete the directory.

READ_CONTROL

0x00020000

This value indicates the right to read the security descriptor for the directory.

WRITE_DAC

0x00040000

This value indicates the right to change the DACL in the security descriptor for the directory. For the DACL data structure, see ACL in [MS-DTYP].

WRITE_OWNER

0x00080000

This value indicates the right to change the owner in the security descriptor for the directory.

SYNCHRONIZE

0x00100000

SMB2 clients set this flag to any value.<51> SMB2 servers SHOULD<52> ignore this flag.

ACCESS_SYSTEM_SECURITY

0x01000000

This value indicates the right to read or change the SACL in the security descriptor for the directory. For the SACL data structure, see ACL in [MS-DTYP].<53>

MAXIMUM_ALLOWED

0x02000000

This value indicates that the client is requesting an open to the directory with the highest level of access the client has on this directory. If no access is granted for the client on this directory, the server MUST fail the open with STATUS_ACCESS_DENIED.

GENERIC_ALL

0x10000000

This value indicates a request for all the access flags that are listed above except MAXIMUM_ALLOWED and ACCESS_SYSTEM_SECURITY.

GENERIC_EXECUTE

0x20000000

This value indicates a request for the following access flags listed above: FILE_READ_ATTRIBUTES| FILE_TRAVERSE| SYNCHRONIZE| READ_CONTROL.

GENERIC_WRITE

0x40000000

This value indicates a request for the following access flags listed above: FILE_ADD_FILE| FILE_ADD_SUBDIRECTORY| FILE_WRITE_ATTRIBUTES| FILE_WRITE_EA| SYNCHRONIZE| READ_CONTROL.

GENERIC_READ

0x80000000

This value indicates a request for the following access flags listed above: FILE_LIST_DIRECTORY| FILE_READ_ATTRIBUTES| FILE_READ_EA| SYNCHRONIZE| READ_CONTROL.