GENERIC_ALL and folders / ACL files? What does GENERIC_ALL really do?

I recently redesigned the security system on our file server, noting much of what was completely changed. Now my developers tell me that whenever they use GENERIC_ALL to open a file (for example, with CreateFile()), they get an access denied message.

After the study, nothing seemed to indicate that GENERIC_ALL was larger than GENERIC_EXECUTE + GENERIC_WRITE + GENERIC_READ; however, this does not seem to be the case, as the developer managed to add three constant values and use it for CreateFile().

So I ask ... what does GENERIC_ALL really do?

Thanks,

Matt

+6
2 answers

The GENERIC_ALL permissions include all possible permissions, including things like WRITE_DAC (for changing permissions) and WRITE_OWNER (for changing the owner). The File Security and Access Rights page shows how the GENERIC_* access rights map to specific file permissions. The File permissions settings page displays all possible file permissions (which are expected to be requested when using GENERIC_ALL).

You should encourage your developers to request only the level of access that they really need. Rarely, for example, is a file opened simultaneously with both GENERIC_EXECUTE and GENERIC_WRITE.

+4

GENERIC_ALL means "all possible access levels" (for files, this name is FILE_ALL_ACCESS). Since you removed the full control, attempts to open for GENERIC_ALL will fail with Access Denied, because (for example) WRITE_DAC is no longer provided.

+3
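The mapping both answers describe, as an added example (not code from the original question or answers): it expands the generic bits into file-specific rights and reports which requested rights an ACL fails to grant. The constant values are those defined in `winnt.h`; `DELETE_RIGHT` (standing in for `DELETE`), `SAMPLE_GRANTED`, `map_generic` and `missing_rights` are hypothetical names, the granted mask is constructed, and the check is a simplified model that ignores deny ACEs and privileges.

```c
#include <stdint.h>
#include <stdio.h>

/* Access-mask values as defined in the Windows SDK header winnt.h. */
#define GENERIC_READ         0x80000000u
#define GENERIC_WRITE        0x40000000u
#define GENERIC_EXECUTE      0x20000000u
#define GENERIC_ALL          0x10000000u
#define DELETE_RIGHT         0x00010000u  /* DELETE in winnt.h */
#define WRITE_DAC            0x00040000u
#define WRITE_OWNER          0x00080000u
#define FILE_DELETE_CHILD    0x00000040u
#define FILE_GENERIC_READ    0x00120089u
#define FILE_GENERIC_WRITE   0x00120116u
#define FILE_GENERIC_EXECUTE 0x001200A0u
#define FILE_ALL_ACCESS      0x001F01FFu

/* Constructed sample: what an ACL without Full Control might grant
 * (read + write + execute + delete). */
#define SAMPLE_GRANTED (FILE_GENERIC_READ | FILE_GENERIC_WRITE | \
                        FILE_GENERIC_EXECUTE | DELETE_RIGHT)

/* Expand generic bits into file-specific rights, as the file object's
 * generic mapping does before the access check runs. */
uint32_t map_generic(uint32_t desired)
{
    uint32_t mapped = desired & 0x0FFFFFFFu;  /* keep non-generic bits */
    if (desired & GENERIC_READ)    mapped |= FILE_GENERIC_READ;
    if (desired & GENERIC_WRITE)   mapped |= FILE_GENERIC_WRITE;
    if (desired & GENERIC_EXECUTE) mapped |= FILE_GENERIC_EXECUTE;
    if (desired & GENERIC_ALL)     mapped |= FILE_ALL_ACCESS;
    return mapped;
}

/* Rights requested but not granted; nonzero models "access denied". */
uint32_t missing_rights(uint32_t desired, uint32_t granted)
{
    return map_generic(desired) & ~granted;
}

int main(void)
{
    uint32_t rwx = GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE;
    printf("R|W|X maps to       0x%08X\n", (unsigned)map_generic(rwx));
    printf("GENERIC_ALL maps to 0x%08X\n", (unsigned)map_generic(GENERIC_ALL));
    printf("missing for R|W|X:       0x%08X\n",
           (unsigned)missing_rights(rwx, SAMPLE_GRANTED));
    printf("missing for GENERIC_ALL: 0x%08X\n",
           (unsigned)missing_rights(GENERIC_ALL, SAMPLE_GRANTED));
    return 0;
}
```

With the sample mask, the bits missing for GENERIC_ALL are WRITE_DAC, WRITE_OWNER and FILE_DELETE_CHILD, which is why the combined read/write/execute request succeeds while GENERIC_ALL is denied.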

Source: https://habr.com/ru/post/915246/