Access Right Identifiers

Windows Filtering Platform (WFP) uses the standard Win32 access rights plus a set of WFP-specific access rights built into the filtering platform. These access rights are used to secure objects in user mode only. Kernel-mode callers bypass all access checks.

WFP specific access right identifiers are as follows.

FWPM_ACTRL_ADD

Add an object to the Base Filtering Engine (BFE). This access right is needed in order to call Fwpm*Add0 functions.

FWPM_ACTRL_ADD_LINK

Add an object referenced through a link. For example, this access right is needed for callouts referenced through GUIDs.

FWPM_ACTRL_BEGIN_READ_TXN

Begin a read-only transaction. This access right is needed in order to call FwpmTransactionBegin0.

FWPM_ACTRL_BEGIN_WRITE_TXN

Begin a read/write transaction. This access right is needed in order to call FwpmTransactionBegin0 for a read/write transaction.

FWPM_ACTRL_CLASSIFY

Classify Remote Procedure Call (RPC). This access right is needed by the RPC run-time in order to enforce RPC filters.

FWPM_ACTRL_ENUM

Enumerate. This access right is needed in order to call Fwpm*CreateEnumHandle0 functions. To enumerate an object, the caller also needs FWPM_ACTRL_READ access to the object.

FWPM_ACTRL_OPEN

Open a session to the filter engine. This access right is needed in order to call FwpmEngineOpen0.

FWPM_ACTRL_READ

Read. This access right is needed in order to call Fwpm*GetById0 and Fwpm*GetByKey0 functions.

FWPM_ACTRL_READ_STATS

Read statistics. This access right is needed in order to call IPsecGetStatistics0 and IkeextGetStatistics0.

FWPM_ACTRL_SUBSCRIBE

Subscribe. This access right is needed in order to call Fwpm*SubscribeChanges0 functions. To receive a notification for an object, a subscriber also needs FWPM_ACTRL_READ access to the object.

FWPM_ACTRL_WRITE

Write engine options. This access right is needed in order to call FwpmEngineSetOption0.

FWPM_GENERIC_READ

STANDARD_RIGHTS_READ | FWPM_ACTRL_BEGIN_READ_TXN | FWPM_ACTRL_CLASSIFY | FWPM_ACTRL_OPEN | FWPM_ACTRL_READ | FWPM_ACTRL_READ_STATS

FWPM_GENERIC_EXECUTE

STANDARD_RIGHTS_EXECUTE | FWPM_ACTRL_ENUM | FWPM_ACTRL_SUBSCRIBE

FWPM_GENERIC_WRITE

STANDARD_RIGHTS_WRITE | DELETE | FWPM_ACTRL_ADD | FWPM_ACTRL_ADD_LINK | FWPM_ACTRL_BEGIN_WRITE_TXN | FWPM_ACTRL_WRITE

FWPM_GENERIC_ALL

STANDARD_RIGHTS_REQUIRED | FWPM_ACTRL_ADD | FWPM_ACTRL_ADD_LINK | FWPM_ACTRL_BEGIN_READ_TXN | FWPM_ACTRL_BEGIN_WRITE_TXN | FWPM_ACTRL_CLASSIFY | FWPM_ACTRL_ENUM | FWPM_ACTRL_OPEN | FWPM_ACTRL_READ | FWPM_ACTRL_READ_STATS | FWPM_ACTRL_SUBSCRIBE | FWPM_ACTRL_WRITE

Requirements

See also

Windows Filtering Platform Access Control Model

Standard Access Rights