Previous Topic: Access Authority by ClassNext Topic: selang Environments


Windows Access Authority by Class

Valid access values depend on the class the resource belongs to. The following table lists valid access values by class in the Windows (nt) environment.

Class

Valid Access Values

Let Accessors...

All classes

all

Perform all valid operations for the class.

 

none

Perform no valid operations for the class.

COM, DISK

change

Perform the combined operations of delete, read, and write.

 

changepermissions

Modify the ACL of the resource.

 

delete

Delete the resource.

 

read

Access data on the resource without changing it.

 

takeownership, chown, owner

Change the owner of the specified resource.

 

write

Write data to the specified resource.

FILE

 

Note: It is only possible to define access authorities for NTFS files; FAT files cannot have access authorities.

 

change

Perform the combined operations of delete, read, and write.

 

changepermissions, sec

Modify the ACL of the resource.

 

chmod

Perform all operations except delete.

 

chown

Change the owner of the specified resource.

 

delete

Delete the resource.

 

execute

Execute programs.

Note: To use this access, the accessor must also have read access.

 

read

Access a resource without changing it.

 

rename

Renames the resource.

Note: To rename a file, you must have delete access to the source and rename access to the target. The audit log reflects this order of events.

 

write

Modify the resource.

 

update

Perform the combined operations of read, write, and execute.

 

 

 

PRINTER

manage

Manage the printer. For example, set the data for a specified printer, pause printing, resume printing, clear all print jobs, update the ACL, or change printer properties.

 

print

Print using the printer.

REGKEY

append, create, subkey

Create or modify a subkey of the registry key

 

takeownership, chown, owner

Change the owner of the resource

 

changepermissions, sec, dac, writedac

Modify the ACL of the resource.

 

delete

Delete the resource.

 

enum

Enumerate subkeys.

 

link

Create a link to the registry key.

 

notify

Change notifications for a registry key or for subkeys of a registry key.

 

query

Query a value of the registry key

 

read

Access a resource without changing it.

 

readcontrol, manage

Read the information in the registry key's security descriptor, not including the information in the system (audit) ACL.

 

set

Create or set a value of the registry key.

 

write

Change the registry key and its subkeys.

SHARE

change

Change properties of the resource or remove sharing from the resource.

 

read

Access a resource without changing it.

Note: The values none and all are applicable to all classes. The value all represents the entire group of access values, other than none, for a particular class. For more information about access authority, see the Endpoint Administration Guide for Windows.