WFP Access Right Identifiers (Compact 2013)
3/26/2014
WFP uses the standard access rights plus a set of WFP-specific access rights built into the filtering platform. These access rights are used to secure objects in user mode only. Kernel-mode callers bypass all access checks.
WFP specific access right identifiers are as follows:
Rights |
Meaning |
|---|---|
FWPM_ACTRL_ADD |
Add an object to the Base Filtering Engine (BFE). This access right is needed in order to call Fwpm*Add0 functions. |
FWPM_ACTRL_ADD_LINK |
Add an object referenced through a link. For example, this access right is needed for callouts referenced through GUIDs. |
FWPM_ACTRL_BEGIN_READ_TXN |
Begin a read-only transaction. This access right is needed in order to call FwpmTransactionBegin0. |
FWPM_ACTRL_BEGIN_WRITE_TXN |
Begin a read-write transaction. This access right is needed in order to call FwpmTransactionBegin0 for a read-write transaction. |
FWPM_ACTRL_CLASSIFY |
Classify Remote Procedure Call (RPC). This access right is needed by the RPC run-time in order to enforce RPC filters. |
FWPM_ACTRL_ENUM |
Enumerate. This access right is needed in order to call Fwpm*CreateEnumHandle0 functions. To enumerate an object, the caller also needs FWPM_ACTRL_READ access to the object. |
FWPM_ACTRL_OPEN |
Open a session to the filter engine. This access right is needed in order to call FwpmEngineOpen0. |
FWPM_ACTRL_READ |
Read. This access right is needed in order to call Fwpm*GetById0 and Fwpm*GetByKey0 functions. |
FWPM_ACTRL_READ_STATS |
Read statistics. This access right is needed in order to call IPsecGetStatistics0 and IkeextGetStatistics0. |
FWPM_ACTRL_SUBSCRIBE |
Subscribe. This access right is needed in order to call Fwpm*SubscribeChanges0 functions. To receive a notification for an object, a subscriber also needs FWPM_ACTRL_READ access to the object. |
FWPM_ACTRL_WRITE |
Write engine options |
FWPM_GENERIC_READ |
STANDARD_RIGHTS_READ | FWPM_ACTRL_BEGIN_READ_TXN | FWPM_ACTRL_CLASSIFY | FWPM_ACTRL_OPEN | FWPM_ACTRL_READ | FWPM_ACTRL_READ_STATS |
FWPM_GENERIC_EXECUTE |
STANDARD_RIGHTS_EXECUTE | FWPM_ACTRL_ENUM | FWPM_ACTRL_SUBSCRIBE |
FWPM_GENERIC_WRITE |
STANDARD_RIGHTS_WRITE | DELETE | FWPM_ACTRL_ADD | FWPM_ACTRL_ADD_LINK | FWPM_ACTRL_BEGIN_WRITE_TXN | FWPM_ACTRL_WRITE |
FWPM_GENERIC_ALL |
STANDARD_RIGHTS_REQUIRED | FWPM_ACTRL_ADD | FWPM_ACTRL_ADD_LINK | FWPM_ACTRL_BEGIN_READ_TXN | FWPM_ACTRL_BEGIN_WRITE_TXN | FWPM_ACTRL_CLASSIFY | FWPM_ACTRL_ENUM | FWPM_ACTRL_OPEN | FWPM_ACTRL_READ | FWPM_ACTRL_READ_STATS | FWPM_ACTRL_SUBSCRIBE | FWPM_ACTRL_WRITE |
See Also
Reference
WFP Constants
WFP Built-in Callout Identifiers
WFP Built-in Keying Module Identifiers
WFP Built-in Provider Context Identifiers
WFP Built-in Provider Identifiers
WFP Filter Context Identifiers
WFP Filter Weight Identifiers
WFP Filtering Conditions
WFP Filtering Layer Identifiers
WFP Filtering Sublayer Identifiers
WFP Error Codes