Поделиться через


Common AccessMask value when Configuring Share Permission Programmatically

In my previous post, I have shown you how to modify share permission using .Net framework. Access Mask is quite granular, most likely you will need to assign a particular user as 'Full Control', 'Change', or 'Read'. In Vista or Server 2008, it will be 'Co-Owner', 'Contributor', or 'Reader'.

The literal values for those permissions are:

Full Control/Owner/Co-owner = 2032127

Read/Reader = 1179817

Change/Contributor = 1179817

I created an enum flag like this:

 [Flags]
public enum AccessMaskEnum
{
    FILE_READ_DATA        = 0x000001,
    FILE_LIST_DIRECTORY   = 0x000001,
    FILE_WRITE_DATA       = 0x000002,
    FILE_ADD_FILE         = 0x000002,
    FILE_APPEND_DATA      = 0x000004,
    FILE_ADD_SUBDIRECTORY = 0x000004,
    FILE_READ_EA          = 0x000008,
    FILE_WRITE_EA         = 0x000010,
    FILE_EXECUTE          = 0x000020,
    FILE_TRAVERSE         = 0x000020,
    FILE_DELETE_CHILD     = 0x000040,
    FILE_READ_ATTRIBUTES  = 0x000080,
    FILE_WRITE_ATTRIBUTES = 0x000100,
    DELETE                = 0x010000,
    READ_CONTROL          = 0x020000,
    WRITE_DAC             = 0x040000,
    WRITE_OWNER           = 0x080000,
    SYNCHRONIZE           = 0x100000,
    OWNER                 = FILE_READ_DATA | FILE_LIST_DIRECTORY | FILE_WRITE_DATA |
                            FILE_ADD_FILE  | FILE_APPEND_DATA    | FILE_ADD_SUBDIRECTORY |
                            FILE_READ_EA   | FILE_WRITE_EA       | FILE_EXECUTE |
                            FILE_TRAVERSE  | FILE_DELETE_CHILD   | FILE_READ_ATTRIBUTES |
                            FILE_WRITE_ATTRIBUTES | DELETE       | READ_CONTROL | 
                            WRITE_DAC      | WRITE_OWNER         | SYNCHRONIZE,
    READ_ONLY             = FILE_READ_DATA | FILE_LIST_DIRECTORY | FILE_READ_EA |
                            FILE_EXECUTE   | FILE_TRAVERSE | FILE_READ_ATTRIBUTES |
                            READ_CONTROL   | SYNCHRONIZE, 
    CONTRIBUTOR           = OWNER & ~(FILE_DELETE_CHILD | WRITE_DAC | WRITE_OWNER)
}

You can assign this enum to the AccessMask property of Win32_Ace instance. For reference, take a look at this link.

I got those values by changing the permission using Windows Explorer and then reading the AccessMask, standard disclaimer apply, use it at your own risk. :)