{"id":95705,"date":"2017-03-10T07:00:00","date_gmt":"2017-03-10T22:00:00","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/oldnewthing\/?p=95705"},"modified":"2019-03-13T01:07:51","modified_gmt":"2019-03-13T08:07:51","slug":"20170310-00","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/oldnewthing\/20170310-00\/?p=95705","title":{"rendered":"Is GENERIC_ALL equivalent to GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE?"},"content":{"rendered":"

A customer wanted to know whether passing GENERIC_ALL<\/code> as an access mask is effectively equivalent to passing GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE<\/code>. Specifically, they were interested in the answer to this question with respect to the Create­File<\/code> function. <\/p>\n

Okay, first question first. Is GENERIC_ALL<\/code> effectively equivalent to GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE<\/code>? <\/p>\n

The answer is “It depends.” <\/p>\n

Each object decides what these generic access masks mean. Now, the intended use is that GENERIC_READ<\/code> correspond to whatever “read” access means for an object, GENERIC_WRITE<\/code> correspond to whatever “write” access means for an object, and GENERIC_EXECUTE<\/code> correspond to whatever “execute” access means for an object. It’s also the intended use that GENERIC_ALL<\/code> represent whatever access makes the most sense for “all access”. <\/p>\n

But that’s just the intended use. There is nothing physically preventing an object from giving those four generic access masks nonsensical values. Because anybody can make up a generic mapping<\/a>. Therefore, there’s nothing you can guarantee about the relationship between the generic access masks beyond “they are what the object decides they are.” <\/p>\n

In practice, GENERIC_ALL<\/code> is at least as big as GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE<\/code>, but it can be bigger. For example, for files (which is probably what the customer is asking about when they talk about Create­File<\/code>), the values are defined as follows, in winnt.h<\/code>: <\/p>\n

\n#define DELETE                           (0x00010000L)\n#define READ_CONTROL                     (0x00020000L)\n#define WRITE_DAC                        (0x00040000L)\n#define WRITE_OWNER                      (0x00080000L)\n#define SYNCHRONIZE                      (0x00100000L)\n\n#define STANDARD_RIGHTS_REQUIRED         (0x000F0000L)\n\n#define STANDARD_RIGHTS_READ             (READ_CONTROL)\n#define STANDARD_RIGHTS_WRITE            (READ_CONTROL)\n#define STANDARD_RIGHTS_EXECUTE          (READ_CONTROL)\n\n#define FILE_READ_DATA            ( 0x0001 )    \/\/ file & pipe\n#define FILE_LIST_DIRECTORY       ( 0x0001 )    \/\/ directory\n\n#define FILE_WRITE_DATA           ( 0x0002 )    \/\/ file & pipe\n#define FILE_ADD_FILE             ( 0x0002 )    \/\/ directory\n\n#define FILE_APPEND_DATA          ( 0x0004 )    \/\/ file\n#define FILE_ADD_SUBDIRECTORY     ( 0x0004 )    \/\/ directory\n#define FILE_CREATE_PIPE_INSTANCE ( 0x0004 )    \/\/ named pipe\n\n\n#define FILE_READ_EA              ( 0x0008 )    \/\/ file & directory\n\n#define FILE_WRITE_EA             ( 0x0010 )    \/\/ file & directory\n\n#define FILE_EXECUTE              ( 0x0020 )    \/\/ file\n#define FILE_TRAVERSE             ( 0x0020 )    \/\/ directory\n\n#define FILE_DELETE_CHILD         ( 0x0040 )    \/\/ directory\n\n#define FILE_READ_ATTRIBUTES      ( 0x0080 )    \/\/ all\n\n#define FILE_WRITE_ATTRIBUTES     ( 0x0100 )    \/\/ all\n\n#define FILE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x1FF)\n\n#define FILE_GENERIC_READ         (STANDARD_RIGHTS_READ     |\\\n                                   FILE_READ_DATA           |\\\n                                   FILE_READ_ATTRIBUTES     |\\\n                                   FILE_READ_EA             |\\\n                                   SYNCHRONIZE)\n\n#define FILE_GENERIC_WRITE        (STANDARD_RIGHTS_WRITE    |\\\n                                   FILE_WRITE_DATA          |\\\n                                   FILE_WRITE_ATTRIBUTES    |\\\n                                   FILE_WRITE_EA            |\\\n                                   FILE_APPEND_DATA         |\\\n                                   SYNCHRONIZE)\n\n#define FILE_GENERIC_EXECUTE      (STANDARD_RIGHTS_EXECUTE  |\\\n                                   FILE_READ_ATTRIBUTES     |\\\n                                   FILE_EXECUTE             |\\\n                                   SYNCHRONIZE)\n<\/pre>\n
Right off the bat, you can see that of the standard rights, FILE_ALL_ACCESS<\/code> includes STANDARD_RIGHTS_REQUIRED<\/code>, whereas the FILE_GENERIC_*<\/code> values include only STANDARD_RIGHTS_*<\/code>, all of which are defined as READ_CONTROL<\/code>. This means that FILE_ALL_ACCESS<\/code> includes DELETE<\/code>, WRITE_DAC<\/code>, and WRITE_OWNER<\/code> which are not included in any of the other generic access masks. (SYNCHRONIZE<\/code> is explicitly added by all of the FILE_GENERIC_*<\/code> access masks.) <\/p>\n
If you study it a bit more, you’ll see that FILE_ALL_ACCESS<\/code> also includes FILE_DELETE_CHILD<\/code>, which is not present in any of the other generic access masks. <\/p>\n
So even in the specific case of file access, we see that GENERIC_ALL<\/code> is not equivalent to GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE<\/code>. <\/p>\n","protected":false},"excerpt":{"rendered":"
Only if the object says so.<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[25],"class_list":["post-95705","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing","tag-code"],"acf":[],"blog_post_summary":"
Only if the object says so.<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/95705","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=95705"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/95705\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=95705"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=95705"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/tags?post=95705"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}