Windows Access Authority by Class
Valid access values depend on the class the resource belongs to. The following table lists valid access values by class in the Windows (nt) environment.
capamsc141
Valid access values depend on the class the resource belongs to. The following table lists valid access values by class in the Windows (nt) environment.
Class | Valid Access Values | Let Accessors... |
All classes | all | Perform all valid operations for the class. |
none | Perform no valid operations for the class. | |
COM, DISK | change | Perform the combined operations of delete , read , and write . |
changepermissions | Modify the ACL of the resource. | |
delete | Delete the resource. | |
read | Access data on the resource without changing it. | |
takeownership, chown, owner | Change the owner of the specified resource. | |
write | Write data to the specified resource. | |
FILE | Note: It is only possible to define access authorities for NTFS files; FAT files cannot have access authorities. | |
change | Perform the combined operations of delete , read , and write . | |
changepermissions, sec | Modify the ACL of the resource. | |
chmod | Perform all operations except delete . | |
chown | Change the owner of the specified resource. | |
delete | Delete the resource. | |
execute | Execute programs. Note: To use this access, the accessor must also have read access. | |
read | Access a resource without changing it. | |
rename | Renames the resource. Note: To rename a file, you must have delete access to the source and rename access to the target. The audit log reflects this order of events. | |
write | Modify the resource. | |
update | Perform the combined operations of read , write , and execute. | |
PRINTER | manage | Manage the printer. For example, set the data for a specified printer, pause printing, resume printing, clear all print jobs, update the ACL, or change printer properties. |
print | Print using the printer. | |
REGKEY | append, create, subkey | Create or modify a subkey of the registry key |
takeownership, chown, owner | Change the owner of the resource | |
changepermissions, sec, dac, writedac | Modify the ACL of the resource. | |
delete | Delete the resource. | |
enum | Enumerate subkeys. | |
link | Create a link to the registry key. | |
notify | Change notifications for a registry key or for subkeys of a registry key. | |
query | Query a value of the registry key | |
read | Access a resource without changing it. | |
readcontrol, manage | Read the information in the registry key's security descriptor, not including the information in the system (audit) ACL. | |
set | Create or set a value of the registry key. | |
write | Change the registry key and its subkeys. | |
SHARE | change | Change properties of the resource or remove sharing from the resource. |
read | Access a resource without changing it. |
The values
none
and all
are applicable to all classes. The value all
represents the entire group of access values, other than none
, for a particular class. For more information about access authority, see the Endpoint Administration Guide for Windows
.