The ACCESS_MASK structure is one doubleword value containing standard, specific, and generic rights. These rights are used in access-control entries (ACEs) and are the primary means of specifying the requested or granted access to an object.
typedef DWORD ACCESS_MASK;
The bits in this value are allocated as follows:
| Bits | Meaning |
| 0 through 15 | Specific rights. Contains the access mask specific to the object type associated with the mask. |
| 16 through 23 | Standard rights. Contains the object's standard access rights and can be a combination of the following predefined flags: |
| Bit | Flag | Meaning | |
| 16 | DELETE | Delete access | |
| 17 | READ_CONTROL | Read access to the owner, group, and discretionary access-control list (ACL) of the security descriptor | |
| 18 | WRITE_DAC | Write access to the discretionary access-control list (ACL) | |
| 19 | WRITE_OWNER | Write access to owner | |
| 20 | SYNCHRONIZE | Windows NT: Synchronize access |
| Bits | Meaning |
| 24 | Access system security (ACCESS_SYSTEM_SECURITY). This flag is not a typical access type. It is used to indicate access to a system ACL. This type of access requires the calling process to have a specific privilege. |
| 25 | Maximum allowed (MAXIMUM_ALLOWED) |
| 26 through 27 | Reserved |
| 28 | Generic all (GENERIC_ALL) |
| 29 | Generic execute (GENERIC_EXECUTE) |
| 30 | Generic write (GENERIC_WRITE) |
| 31 | Generic read (GENERIC_READ) |
The following constants represent the specific and standard access rights:
#define SPECIFIC_RIGHTS_ALL 0x0000FFFF
#define STANDARD_RIGHTS_REQUIRED 0x000F0000
#define STANDARD_RIGHTS_ALL 0x001F0000
See Also