Windows Access Authority by Class

Valid access values depend on the class the resource belongs to. The following table lists valid access values by class in the Windows (nt) environment.
capamsc141
Valid access values depend on the class the resource belongs to. The following table lists valid access values by class in the Windows (nt) environment.
Class
Valid Access Values
Let Accessors...
All classes
all
Perform
all
valid operations for the class.
 
none
Perform
no
valid operations for the class.
COM, DISK
change
Perform the combined operations of
delete
,
read
, and
write
.
 
changepermissions
Modify the ACL of the resource.
 
delete
Delete the resource.
 
read
Access data on the resource without changing it.
 
takeownership, chown, owner
Change the owner of the specified resource.
 
write
Write data to the specified resource.
FILE
 
Note:
It is only possible to define access authorities for NTFS files; FAT files cannot have access authorities.
 
change
Perform the combined operations of
delete
,
read
, and
write
.
 
changepermissions, sec
Modify the ACL of the resource.
 
chmod
Perform all operations except
delete
.
 
chown
Change the owner of the specified resource.
 
delete
Delete the resource.
 
execute
Execute programs.
Note:
To use this access, the accessor must also have
read
access.
 
read
Access a resource without changing it.
 
rename
Renames the resource.
Note:
To rename a file, you must have
delete
access to the source and
rename
access to the target. The audit log reflects this order of events.
 
write
Modify the resource.
 
update
Perform the combined operations of
read
,
write
, and execute.
 
 
 
PRINTER
manage
Manage the printer. For example, set the data for a specified printer, pause printing, resume printing, clear all print jobs, update the ACL, or change printer properties.
 
print
Print using the printer.
REGKEY
append, create, subkey
Create or modify a subkey of the registry key
 
takeownership, chown, owner
Change the owner of the resource
 
changepermissions, sec, dac, writedac
Modify the ACL of the resource.
 
delete
Delete the resource.
 
enum
Enumerate subkeys.
 
link
Create a link to the registry key.
 
notify
Change notifications for a registry key or for subkeys of a registry key.
 
query
Query a value of the registry key
 
read
Access a resource without changing it.
 
readcontrol, manage
Read the information in the registry key's security descriptor, not including the information in the system (audit) ACL.
 
set
Create or set a value of the registry key.
 
write
Change the registry key and its subkeys.
SHARE
change
Change properties of the resource or remove sharing from the resource.
 
read
Access a resource without changing it.
The values
none
and
all
are applicable to all classes. The value
all
represents the entire group of access values, other than
none
, for a particular class. For more information about access authority, see the
Endpoint Administration Guide for Windows
.