2.2.3.1 Access Values
The Access Values in the following table lists access level values that a print client can specify when opening a print job object, port object, printer object, or print server object. The type of object that an access value applies to is indicated in its name, as follows:
Access values that are named starting with "JOB" are used for opening print job objects.
Access values that are named starting with "PRINTER" are used for opening printer objects and port objects.
Access values that are named starting with "SERVER" are used for opening print server objects.
The ACCESS_MASK data type ([MS-DTYP] section 2.4.3) specifies standard access rights and reserves a range of values for protocol-specific use. The following table defines printing-specific access rights in the reserved range and in combination with standard access rights. For more information concerning access rights, see [MS-AZOD] section 1.1.1.5.
For completeness, the table lists all defined access values and identifies those that MUST NOT be used with the Print System Remote Protocol.
|
Name/value |
Description |
|---|---|
|
JOB_ACCESS_ADMINISTER 0x00000010 |
Printing-specific authorization to cancel, pause, resume, or restart the job ([MS-DTYP] ACCESS_MASK Bit 27). |
|
JOB_ACCESS_READ 0x00000020 |
Printing-specific read rights for the spool file ([MS-DTYP] ACCESS_MASK Bit 26).<142> |
|
JOB_EXECUTE 0x00020010 |
Access rights for jobs combining RC (Read Control) of ACCESS_MASK with printing-specific JOB_ACCESS_ADMINISTER. This value MUST NOT be passed over the wire. If it is, the server SHOULD return ERROR_ACCESS_DENIED. |
|
JOB_READ 0x00020020 |
Access rights for jobs combining RC (Read Control) of ACCESS_MASK with printing-specific JOB_ACCESS_READ. |
|
JOB_WRITE 0x00020010 |
Access rights for jobs combining RC (Read Control) of ACCESS_MASK with printing-specific JOB_ACCESS_ADMINISTER. This value MUST NOT be passed over the wire. If it is, the server SHOULD return ERROR_ACCESS_DENIED. |
|
JOB_ALL_ACCESS 0x000F0030 |
Access rights for printers to perform all administrative tasks and basic printing operations except SYNCHRONIZE ([MS-DTYP] ACCESS_MASK Bit 'SY'). Combines STANDARD_RIGHTS_REQUIRED (ACCESS_MASK Bits 'RC', 'DE', 'WD', 'WO'), JOB_ACCESS_ADMINISTER (ACCESS_MASK Bit 27), and JOB_ACCESS_READ (ACCESS_MASK Bit 26). |
|
PRINTER_ACCESS_ADMINISTER 0x00000004 |
Printing-specific access rights for printers to perform administrative tasks ([MS-DTYP] ACCESS_MASK Bit 29). |
|
PRINTER_ACCESS_USE 0x00000008 |
Printing-specific access rights for printers to perform basic printing operations ([MS-DTYP] ACCESS_MASK Bit 28). |
|
PRINTER_ACCESS_MANAGE_LIMITED 0x00000040 |
Printing-specific access rights for printers to perform printer data management operations ([MS-DTYP] ACCESS_MASK Bit 25).<143> |
|
PRINTER_ALL_ACCESS 0x000F000C |
Access rights for printers to perform all administrative tasks and basic printing operations except synchronization. Combines WO (Write Owner), WD (Write DACL), RC (Read Control), and DE (Delete) of ACCESS_MASK with printing-specific PRINTER_ACCESS_ADMINISTER and printing-specific PRINTER_ACCESS_USE. |
|
PRINTER_EXECUTE 0x00020008 |
Access rights for printers combining RC (Read Control) of ACCESS_MASK with printing-specific PRINTER_ACCESS_USE. |
|
PRINTER_READ 0x00020008 |
Access rights for printers combining RC (Read Control) of ACCESS_MASK with printing-specific PRINTER_ACCESS_USE. |
|
PRINTER_WRITE 0x00020008 |
Access rights for printers combining RC (Read Control) of ACCESS_MASK with printing-specific PRINTER_ACCESS_USE. |
|
SERVER_ACCESS_ADMINISTER 0x00000001 |
Printing-specific access rights to administer print servers ([MS-DTYP] ACCESS_MASK Bit 31). |
|
SERVER_ACCESS_ENUMERATE 0x00000002 |
Printing-specific access rights to enumerate print servers ([MS-DTYP] ACCESS_MASK Bit 30). |
|
SERVER_ALL_ACCESS 0x000F0003 |
Access rights for print servers to perform all administrative tasks and basic printing operations except synchronization. Combines WO (Write Owner), WD (Write DACL), RC (Read Control), and DE (Delete) of ACCESS_MASK with printing-specific SERVER_ACCESS_ADMINISTER and printing-specific SERVER_ACCESS_ENUMERATE. |
|
SERVER_EXECUTE 0x00020002 |
Access rights for print servers combining RC (Read Control) of ACCESS_MASK with printing-specific SERVER_ACCESS_ENUMERATE. |
|
SERVER_READ 0x00020002 |
Access rights for print servers combining RC (Read Control) of ACCESS_MASK with printing-specific SERVER_ACCESS_ENUMERATE. |
|
SERVER_WRITE 0x00020003 |
Access rights for print servers combining RC (Read Control) of ACCESS_MASK with printing-specific SERVER_ACCESS_ADMINISTER and printing-specific SERVER_ACCESS_ENUMERATE. |
|
SPECIFIC_RIGHTS_ALL 0x0000FFFF |
All specific rights.<144> This value MUST NOT be passed over the wire. It SHOULD only be used locally, as a mask to determine the protocol-specific subset of access values. |
|
STANDARD_RIGHTS_ALL 0x001F0000 |
Combines SY (Synchronize), WO (Write Owner), WD (Write DACL), RC (Read Control), and DE (Delete) of ACCESS_MASK.<145> This value MUST NOT be passed over the wire. It SHOULD only be used locally, as a mask to determine the standard set of access values. |
|
STANDARD_RIGHTS_EXECUTE 0x00020000 |
Standard rights, set to RC (Read Control) of ACCESS_MASK. |
|
STANDARD_RIGHTS_READ 0x00020000 |
Standard read rights, set to RC (Read Control) of ACCESS_MASK. |
|
STANDARD_RIGHTS_REQUIRED 0x000F0000 |
Standard rights, combines WO (Write Owner), WD (Write DACL), RC (Read Control), and DE (Delete) of ACCESS_MASK. |
|
STANDARD_RIGHTS_WRITE 0x00020000 |
Standard write rights, set to RC (Read Control) of ACCESS_MASK. |
|
SYNCHRONIZE 0x00100000 |
The right to use the object for synchronization, set to SY (Synchronize) of ACCESS_MASK.<146> This value MUST NOT be passed over the wire. If it is, the server SHOULD return ERROR_ACCESS_DENIED. |
|
DELETE 0x00010000 |
The right to delete an object, set to DE (Delete) of ACCESS_MASK. |
|
READ_CONTROL 0x00020000 |
The right to read the information in the object's security descriptor, not including the information in the system access control list (SACL), set to RC (Read Control) of ACCESS_MASK. |
|
WRITE_DAC 0x00040000 |
The right to modify the discretionary access control list (DACL) in the object's security descriptor, set to WD (Write DACL) of ACCESS_MASK. |
|
WRITE_OWNER 0x00080000 |
The right to change the owner in the object's security descriptor, set to WO (Write Owner) of ACCESS_MASK. |
|
GENERIC_READ 0x80000000 |
GR (Generic Read) of ACCESS_MASK: For server object, access is mapped to SERVER_READ. For printer object, access is mapped to PRINTER_READ. For print job, access is mapped to JOB_READ. |
|
GENERIC_WRITE 0x40000000 |
GW (Generic Write) of ACCESS_MASK: For server object, access is mapped to SERVER_WRITE. For printer object, access is mapped to PRINTER_WRITE. For print job, access is mapped to JOB_WRITE. |
|
GENERIC_EXECUTE 0x20000000 |
GX (Generic Execute) of ACCESS_MASK: For server object, access is mapped to SERVER_EXECUTE. For printer object, access is mapped to PRINTER_EXECUTE. For print job, access is mapped to JOB_EXECUTE. |
|
GENERIC_ALL 0x10000000 |
GA (Generic All) of ACCESS_MASK: For server object, access is mapped to SERVER_ALL_ACCESS. For printer object, access is mapped to PRINTER_ALL_ACCESS. For print job, access is mapped to JOB_ALL_ACCESS. |