In an ACE, permissions are represented by one or more bits in a 32-bit value called an access mask. When a thread requests access to an object, it specifies the type of access that it desires by using an access mask as well. During an access check, the operating system compares the desired access mask supplied by the thread with the access mask in each ACE of the object’s DACL, looking for bits that match. Figure 12.4 illustrates the layout of an access mask.
Figure 12.4 Layout of an Access Mask 继续阅读