access mask

Definition of access mask in The Network Encyclopedia.

What is Access Mask in networking

An access mask defines all possible actions for a particular type of object (file, folder, and so on) for each access control entry (ACE) in a discretionary access control list (DACL) or a system access control list (SACL). The system chooses the access rights that it can grant to a thread from the possible actions listed in the access mask.

Microsoft Windows NT and Windows 2000 use access masks that support three types of access rights:

  • Specific access rights:
    These include access rights such as FILE_READ_DATA and FILE_APPEND_DATA, which provide permission to read and write data in a file. Objects can have up to 16 different specific access rights, depending on the object type.

  • Standard access rights:
    These apply to all objects and include DELETE, which grants or denies delete access to an object, and WRITE_OWNER, which grants or denies access to the owner security identifier (SID) of an object.

  • Generic access rights:
    These map to specific access rights and standard access rights. Each type of securable object maps generic access rights to its own specific and standard access rights. Generic access rights for file objects include FILE_GENERIC_READ, FILE_GENERIC_WRITE, and FILE_GENERIC_EXECUTE. These three types are listed in Windows Explorer in Windows 2000 and in Windows NT Explorer in Windows NT as the special permissions read (R), write (W), and execute (X).
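The three kinds of rights share one 32-bit value, which the following added example (not code from the encyclopedia or from Windows) splits apart and expands for file objects. The constants repeat the Windows SDK `winnt.h` values so it builds on any platform; `map_generic_for_file` and `mask_covers` are hypothetical helper names, and GENERIC_ALL, deny ACEs and ACE ordering are left out.

```c
#include <stdint.h>
#include <stdio.h>
/* Constants repeat the Windows SDK (winnt.h) values so this builds anywhere. */
#define FILE_READ_DATA        0x0001u
#define FILE_WRITE_DATA       0x0002u
#define FILE_APPEND_DATA      0x0004u
#define FILE_READ_EA          0x0008u
#define FILE_WRITE_EA         0x0010u
#define FILE_EXECUTE          0x0020u
#define FILE_READ_ATTRIBUTES  0x0080u
#define FILE_WRITE_ATTRIBUTES 0x0100u
#define DELETE                0x00010000u
#define READ_CONTROL          0x00020000u
#define WRITE_OWNER           0x00080000u
#define SYNCHRONIZE           0x00100000u
#define GENERIC_READ          0x80000000u
#define GENERIC_WRITE         0x40000000u
#define GENERIC_EXECUTE       0x20000000u
#define FILE_GENERIC_READ    (READ_CONTROL | SYNCHRONIZE | FILE_READ_DATA | \
                              FILE_READ_ATTRIBUTES | FILE_READ_EA)
#define FILE_GENERIC_WRITE   (READ_CONTROL | SYNCHRONIZE | FILE_WRITE_DATA | \
                              FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA | FILE_APPEND_DATA)
#define FILE_GENERIC_EXECUTE (READ_CONTROL | SYNCHRONIZE | FILE_EXECUTE | \
                              FILE_READ_ATTRIBUTES)

/* Bits 0-15 hold the object-specific rights. */
uint32_t specific_rights(uint32_t mask) { return mask & 0x0000FFFFu; }
/* Bits 16-20 hold the standard rights (DELETE through SYNCHRONIZE). */
uint32_t standard_rights(uint32_t mask) { return mask & 0x001F0000u; }

/* Hypothetical helper: expand generic bits the way a file object maps them. */
uint32_t map_generic_for_file(uint32_t mask) {
    uint32_t out = mask & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE);
    if (mask & GENERIC_READ)    out |= FILE_GENERIC_READ;
    if (mask & GENERIC_WRITE)   out |= FILE_GENERIC_WRITE;
    if (mask & GENERIC_EXECUTE) out |= FILE_GENERIC_EXECUTE;
    return out;
}

/* Hypothetical helper: 1 if every desired right is present in the granted mask. */
int mask_covers(uint32_t granted, uint32_t desired) {
    return (map_generic_for_file(desired) & ~map_generic_for_file(granted)) == 0;
}

int main(void) {
    uint32_t ace = GENERIC_READ | GENERIC_EXECUTE;  /* constructed sample ACE mask */
    uint32_t m = map_generic_for_file(ace);
    printf("mapped=0x%08X specific=0x%04X standard=0x%08X append=%d owner=%d\n",
           (unsigned)m, (unsigned)specific_rights(m), (unsigned)standard_rights(m),
           mask_covers(ace, FILE_APPEND_DATA), mask_covers(ace, WRITE_OWNER));
    return 0;
}
```

When reviewing an ACE, compare the expanded mask rather than the generic bits, since a generic grant can include standard rights such as READ_CONTROL that are not obvious from the R/W/X labels.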