A process or thread cannot wait on an access-token object because the access-token object type does not support the SYNCHRONIZE standard access type.
The access rights defined for access-token objects are STANDARD_RIGHTS_REQUIRED and the rights given in the following table.
| Value | Meaning |
| TOKEN_ADJUST_DEFAULT | Required to adjust default information, such as the owner, primary group, and default ACL in an access token. |
| TOKEN_ADJUST_GROUPS | Required to adjust the groups in an access token. |
| TOKEN_ADJUST_PRIVILEGES | Required to adjust the privileges in an access token. |
| TOKEN_ASSIGN_PRIMARY | Required to attach a primary token to a process. The SE_ASSIGNPRIMARYTOKEN_NAME privilege is also required to accomplish this task. |
| TOKEN_DUPLICATE | Required to duplicate an access token. |
| TOKEN_EXECUTE | Combines STANDARD_RIGHTS_EXECUTE and TOKEN_IMPERSONATE. |
| TOKEN_IMPERSONATE | Required to attach an impersonation access token to a process. |
| TOKEN_QUERY | Required to query an access token. |
| TOKEN_QUERY_SOURCE | Required to query the source of an access token. |
| TOKEN_READ | Combines STANDARD_RIGHTS_READ and TOKEN_QUERY. |
| TOKEN_WRITE | Combines STANDARD_RIGHTS_WRITE, TOKEN_ADJUST_PRIVILEGES, TOKEN_ADJUST_GROUPS, and TOKEN_ADJUST_DEFAULT. |
The TOKEN_ALL_ACCESS access right combines all possible access rights for a token.
The access rights for tokens are typically specified in calls to the OpenProcessToken and OpenThreadToken functions.