Various permissions (as listed below) can be granted on different Windows securable objects supported by the ObjectSecurity Object. These permissions can be combined to form different strings for granting permissions to users or for setting auditing on an object.
The Windows securable objects that the ObjectSecurity object supports are NTFS Files and Directories, Registry Keys, Printers, File Shares and Services. The permissions that can be granted on each of these securable objects are as follows:
Access Permissions
for NTFS Files
The allowed access permissions are FRWXDPO for files, where
F = Full control
R = Read access
W = Write access
X = Execute access
D = Delete access
P = Change permission access
O = Change ownership access
Access
Permissions for NTFS Directories
The allowed access permissions are FRWXDPOfrwxdpo for directories,
where
F = Full control
R = Read access on a directory and contained directories
W = Write access on a directory and contained directories
X = Execute access on a directory and contained directories
D = Delete permissions on a directory and contained directories
P = Change permission access on a directory and contained
directories
O = Change ownership access on a directory and contained
directories
f = Full control for files in a directory
r = Read access for files in a directory
w = Write access for files in a directory
x = Execute access for files in a directory
d = Delete permissions for files in a directory
p = Change permissions for files in a directory
o = Change ownership access for files in a directory
Access Permissions for
Registry Keys
The access permissions allowed on a registry key are FRWDQSCENLPOZ,
where
F = Full control
R = Read permission
W = Write permission
D = Delete permissions
Q = Query value
S = Set value
C = Create subkey
E = Enumerate subkeys
N = Key notify
L = Create key link
P = Change permission
O = Change ownership
Z = Read Control
Access Permissions for
Printers
The access permissions allowed for printers are FTMDPOfz, where
F = Full control
T = Access to print documents
M = Manage documents on the printer
D = Delete permissions
P = Change permission
O = Change ownership
f = Full control for printer ACE
z = Read control for printer ACE
Access Permissions for File Shares
The access permissions allowed for file shares are FRWXDPO, where
F = Full control
R = Read access on file share
W = Write access on file share
X = Execute access on file share
D = Delete access on file share
P = Change permission access on file share
O = Change ownership access on file share
Access Permissions for
Services
The access permissions allowed for a Windows service are
FQCYETSAIUDPZ, where
F = Full Control
Q = Access to query the configuration of a service
C = Access to change the configuration of a service
Y = Access to query the status of a service
E = Access to enumerate dependent services
T = Access to start the service
S = Access to stop the service
A = Access to pause or continue the service
I = Access to interrogate the status of a service
U = Access to specify a user defined control for a service
D = Access to delete the service
P = Access to set security on the service
Z = Access to read security on service (READ_CONTROL)
See Also