Search Result

  effective access mode for <string> of <access control list>

Returns an integer corresponding to the access mode for the trustee specified by <string> of the given access control list.

Summary: This is a <Named> Property Inspector that takes an <access control list> type and returns an <integer> type.

Example:

effective access mode for 'Administrators' of dacls of security descriptors of system folder as hexadecimal
Returns a hex value corresponding to the access mode of the system folder for users logged in as Administrators.

Type:

<access control list>

An Access Control List, or ACL, is a list of security protections that applies to an object. An object can be a file, process, event, or anything else having a security descriptor. An entry in an access control list (ACL) is an access control entry (ACE). These Inspectors work by exposing the GetEffectiveRightsFromAcl method, as explained at the MSDN site.
Note: Requires Windows XP, Windows 2000 Professional, or Windows NT Workstation 3.1 and later.

Caution: These Windows Inspectors utilize the GetEffectiveRightsFromAcl API, which may introduce extra network load, particularly when looking up permissions of users and groups that do not exist or have complex relationships.

Note also:

The ACCESS_MASK is returned from the effective access mode as a double word defining standard, specific, and generic rights. These rights are used in access control entries (ACEs) and are the primary means of determining access to an object.

BitsMeaning
0 through 15Specific rights. Contains the access mask specific to the object type associated with the mask.
16 through 23Contains the object's standard access rights.
24The Access system security bit is used to indicate access to a system access control list (SACL). If this flag is set in the access mask of an audit access ACE (successful or unsuccessful access), the SACL access will be audited.
25Maximum allowed.
26 through 27Reserved.
28Generic all.
29Generic execute.
30Generic write.
31Generic read.

The standard rights bits from 16 to 23 contain the object's standard access rights and can be a combination of the following predefined flags:
BitFlagMeaning
16DELETEDelete access.
17READ_CONTROLRead access to the owner, group, and discretionary access control list (DACL) of the security descriptor.
18WRITE_DACWrite access to the DACL.
19WRITE_OWNERWrite access to owner.
20SYNCHRONIZESynchronize access.

Click for other Inspectors using <access control list>.

Return type:

<integer>

These integer creation methods are in addition to the other properties that return the integer type.

Integers are represented internally as 64-bit signed values.

Click for other Inspectors using <integer>.

Minimum version(s) supported: Win 6.0, Ubu .


© Copyright 2011 by IBM Corporation.
All rights reserved.