aces

Description

This table contains the ACEs (access control entries) of the total scanned objects (files and printers).

Fields

| Field name | Data type | Description |
|---|---|---|
| id_snapshot | number | Auto-numbering of network snapshots. |
| object_id | number | Identifier of a file (see "realfiles"), a printer (see "printers") or a share (see "shares"). |
| type | number | Type of access (can be: ACCESS_ALLOWED_ACE_TYPE = 1 or ACCESS_DENIED_ACE_TYPE = 0). |
| rightmask | number | Bit mask describing the type of access: allowed or denied (see Appendix). |
| account_name | string | Full account name corresponding to the ACE. This can be linked to a group or a user. |
| Rights | string | rwxd: read, write, execute, delete access rights. |

Appendix

| Bits | Meaning |
|---|---|
| 0 through 15 | Specific rights. Contains the access mask specific to the object type associated with the mask. |
| 16 through 23 | Standard rights. Contains the object's standard access rights and can be a combination of the following pre-defined flags: |

| Bit | Flag | Meaning |
|---|---|---|
| 16 | DELETE | Delete access |
| 17 | READ_CONTROL | Read access to the owner, group, and discretionary access-control list (ACL) of the security descriptor |
| 18 | WRITE_DAC | Write access to the discretionary access-control list (ACL) |
| 19 | WRITE_OWNER | Write access to owner |
| 20 | SYNCHRONIZE | Windows NT: Synchronize access |

| Bits | Meaning |
|---|---|
| 24 | Access system security (ACCESS_SYSTEM_SECURITY). This flag is not a typical access type. It is used to indicate access to a system ACL. This type of access requires the calling process to have a specific privilege. |
| 25 | Maximum allowed (MAXIMUM_ALLOWED) |
| 26 through 27 | Reserved |
| 28 | Generic all (GENERIC_ALL) |
| 29 | Generic execute (GENERIC_EXECUTE) |
| 30 | Generic write (GENERIC_WRITE) |
| 31 | Generic read (GENERIC_READ) |
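The bit layout above can be applied to exported rows of the aces table to find accounts that may change an object's ACL or owner. This is an added example, not part of the product or its documentation. The function names, the sample rows, the choice of SENSITIVE flags and the handling of a negative (signed) rightmask value are assumptions.

```python
# Added example: decode the aces.rightmask bit mask using the Appendix layout.

# Bits 16-20: standard rights (names and bit numbers from the Appendix).
STANDARD = {16: "DELETE", 17: "READ_CONTROL", 18: "WRITE_DAC",
            19: "WRITE_OWNER", 20: "SYNCHRONIZE"}
# Bits 24-31: remaining flags from the Appendix (26 and 27 are reserved).
OTHER = {24: "ACCESS_SYSTEM_SECURITY", 25: "MAXIMUM_ALLOWED",
         28: "GENERIC_ALL", 29: "GENERIC_EXECUTE",
         30: "GENERIC_WRITE", 31: "GENERIC_READ"}
NAMED = {**STANDARD, **OTHER}
# Assumption: rights an auditor reviews first, since they allow changing
# the ACL or the owner, or grant every right.
SENSITIVE = {"WRITE_DAC", "WRITE_OWNER", "GENERIC_ALL"}


def decode_rightmask(mask):
    """Split a 32-bit rightmask into the Appendix's bit ranges."""
    # Assumption: a signed column may hold bit 31 as a negative number.
    mask &= 0xFFFFFFFF
    flags = [name for bit, name in sorted(NAMED.items()) if mask >> bit & 1]
    unnamed = [bit for bit in range(16, 32)
               if bit not in NAMED and mask >> bit & 1]
    return {"specific": mask & 0xFFFF,  # bits 0-15, object-type specific
            "flags": flags,
            "unnamed_bits": unnamed}    # set bits among 21-23 and 26-27


def sensitive_aces(rows):
    """Yield (account_name, object_id, flags) for ACEs holding SENSITIVE rights."""
    for row in rows:
        hit = sorted(SENSITIVE & set(decode_rightmask(row["rightmask"])["flags"]))
        if hit:
            yield row["account_name"], row["object_id"], hit


# Constructed sample rows shaped like the aces table (not real scan data).
SAMPLE_ROWS = [
    {"object_id": 12, "account_name": "MYDOMAIN\\alice", "rightmask": 0x001200A9},
    {"object_id": 12, "account_name": "MYDOMAIN\\helpdesk", "rightmask": 0x001F01FF},
    {"object_id": 40, "account_name": "MYDOMAIN\\svc_print", "rightmask": -268435456},
]

if __name__ == "__main__":
    for account, obj, hit in sensitive_aces(SAMPLE_ROWS):
        print(f"{account} on object {obj}: {', '.join(hit)}")
```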

Example

As an example, to list all the accounts which have a "denied access" to the printer "HP Color LaserJet 5" on the server MYSERVER, use the following SQL query:

SELECT DISTINCT
    users.shortname, users.fullname
FROM
    printers, users, aces, shares
WHERE
    aces.object_id = printers.id_share AND        -- ACEs attached to the printer's share
    users.account_name = aces.account_name AND    -- resolve each ACE to a user account
    shares.id_share = printers.id_share AND
    shares.server_name = 'MYSERVER' AND
    printers.name = 'HP Color LaserJet 5' AND
    aces.type = 1                                 -- ACE type selected by this query
ORDER BY
    users.shortname