File System Objects Access Rights




0x1

ReadData (or ListDirectory)
ReadData: For a file object, the right to read the corresponding file data. For a directory object, the right to read the corresponding directory data. ListDirectory: For a directory, the right to list the contents of the directory.

0x2

WriteData (or AddFile)
WriteData: For a file object, the right to write data to the file. For a directory object, the right to create a file in the directory (FILE_ADD_FILE). AddFile: For a directory, the right to create a file in the directory.

0x4

AppendData (or AddSubdirectory or CreatePipeInstance)
AppendData: For a file object, the right to append data to the file. (For local files, write operations will not overwrite existing data if this flag is specified without FILE_WRITE_DATA.) For a directory object, the right to create a subdirectory (FILE_ADD_SUBDIRECTORY). AddSubdirectory: For a directory, the right to create a subdirectory. CreatePipeInstance: For a named pipe, the right to create a pipe.

0x8

ReadEA
The right to read extended file attributes.

0x20

Execute (or Traverse)
Execute: For a native code file, the right to execute the file. This access right given to scripts may cause the script to be executable, depending on the script interpreter. Traverse: For a directory, the right to traverse the directory. By default, users are assigned the BYPASS_TRAVERSE_CHECKING privilege, which ignores the FILE_TRAVERSE access right. See the remarks in File Security and Access Rights for more information.

0x40

DeleteChild
For a directory, the right to delete a directory and all the files it contains, including read-only files.

0x80

ReadAttributes
The right to read file attributes.

0x100

WriteAttributes
The right to write file attributes.

0x10000

DELETE
The right to delete the object.

0x20000

READ_CONTROL
The right to read the information in the object's security descriptor, not including the information in the system access control list (SACL).

0x40000

WRITE_DAC
The right to modify the discretionary access control list (DACL) in the object's security descriptor.

0x80000

WRITE_OWNER
The right to change the owner in the object's security descriptor.

0x100000

SYNCHRONIZE
The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right.

0x1000000

ACCESS_SYS_SEC
The ACCESS_SYS_SEC access right controls the ability to get or set the SACL in an object's security descriptor.
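
The table above can be applied to a raw access mask, such as the one recorded in a file-access audit event. The following is an added example, not part of the original page: it decodes a mask using only the rights listed here, picks the file, directory or named-pipe name for each bit, and returns any bits the table does not list as leftover rather than guessing. The function names and sample masks are constructed for illustration.

```python
# Added example: decode a file-system access mask using only the rights in the table above.
# Each entry: bit -> (file name, directory name, named-pipe name); None = same as file name.
RIGHTS = {
    0x1: ("ReadData", "ListDirectory", None),
    0x2: ("WriteData", "AddFile", None),
    0x4: ("AppendData", "AddSubdirectory", "CreatePipeInstance"),
    0x8: ("ReadEA", None, None),
    0x20: ("Execute", "Traverse", None),
    0x40: ("DeleteChild", None, None),
    0x80: ("ReadAttributes", None, None),
    0x100: ("WriteAttributes", None, None),
    0x10000: ("DELETE", None, None),
    0x20000: ("READ_CONTROL", None, None),
    0x40000: ("WRITE_DAC", None, None),
    0x80000: ("WRITE_OWNER", None, None),
    0x100000: ("SYNCHRONIZE", None, None),
    0x1000000: ("ACCESS_SYS_SEC", None, None),
}
KIND_INDEX = {"file": 0, "directory": 1, "pipe": 2}
# Rights that let the holder change the DACL, the owner, or the SACL of the object.
SECURITY_DESCRIPTOR_RIGHTS = 0x40000 | 0x80000 | 0x1000000

def decode_mask(mask, kind="file"):
    """Return (names, leftover): names for bits in the table, leftover = bits not listed."""
    idx = KIND_INDEX[kind]
    names, leftover = [], mask
    for bit, variants in RIGHTS.items():
        if mask & bit:
            names.append(variants[idx] or variants[0])
            leftover &= ~bit
    return names, leftover

def is_append_only(mask):
    """AppendData without WriteData: local writes cannot overwrite existing data."""
    return bool(mask & 0x4) and not mask & 0x2

def alters_security_descriptor(mask):
    """True if the mask grants WRITE_DAC, WRITE_OWNER or ACCESS_SYS_SEC."""
    return bool(mask & SECURITY_DESCRIPTOR_RIGHTS)

if __name__ == "__main__":
    # Constructed sample masks, not taken from any real event.
    for sample, kind in [(0x120089, "file"), (0x6, "directory"), (0xC0010, "file")]:
        names, leftover = decode_mask(sample, kind)
        print(f"{sample:#x} ({kind}): {names} leftover={leftover:#x} "
              f"sd_change={alters_security_descriptor(sample)}")
```

A non-zero leftover means the mask carries bits outside this table, which should be reviewed against the full access-rights reference instead of being dropped.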