Resource Access Level 1

struct access_info_1 {
    unsigned char LSFAR * LSPTR  acc1_resource_name;
    short                        acc1_attr;
    short                        acc1_count;
};

where:

The first field in this data structure is identical to that in the previous level.
acc1_attr specifies the attributes of acc1_resource_name. The bits of acc1_attr are defined as follows: ┌───────┬──────────────────────────────────────────────────────────────────────┐
│ BIT │ MEANING │
├───────┼──────────────────────────────────────────────────────────────────────┤
│ 0 │ Audit all. When this bit is set, all access attempts are audited. │
│ │ No other bits in the field can be set. It is an error to set any │
│ │ other bits when bit 0 is set. When bit 0 is cleared, the remaining │
│ │ bits are defined as described in this table. │
├───────┼──────────────────────────────────────────────────────────────────────┤
│ 1-3 │ Reserved with a value of 0. │
├───────┼──────────────────────────────────────────────────────────────────────┤
│ 4 │ If 1, audit successful file opens. │
├───────┼──────────────────────────────────────────────────────────────────────┤
│ 5 │ If 1, audit successful file writes and successful directory creates. │
├───────┼──────────────────────────────────────────────────────────────────────┤
│ 6 │ If 1, audit successful file deletes or truncates and successful │
│ │ directory deletes. │
├───────┼──────────────────────────────────────────────────────────────────────┤
│ 7 │ If 1, audit successful file and directory access control profile │
│ │ changes. │
├───────┼──────────────────────────────────────────────────────────────────────┤
│ 8 │ If 1, audit failed file opens. │
├───────┼──────────────────────────────────────────────────────────────────────┤
│ 9 │ If 1, audit failed file writes and failed directory creates. │
├───────┼──────────────────────────────────────────────────────────────────────┤
│ 10 │ If 1, audit failed file deletes or truncates and failed directory │
│ │ deletes. │
├───────┼──────────────────────────────────────────────────────────────────────┤
│ 11 │ If 1, audit failed file and directory access control profile │
│ │ changes. │
├───────┼──────────────────────────────────────────────────────────────────────┤
│ 12-15 │ Reserved with a value of 0. │
├───────┴──────────────────────────────────────────────────────────────────────┤
│ NOTES: │
│ │
│ Other resources that can be accessed across the network, including │
│ spooler queues, serial device queues, and pipes, are audited using the │
│ FOR FILES bits. │
│ │
│ A value of 0 for the acc1_attr word means there is no auditing of │
│ resource accesses. A value of 1 means audit everything. Other values │
│ indicate the auditing of specific accesses. │
│ │
│ When write auditing is enabled, the write audit record is generated when │
│ the file is opened successfully for write. Only one write audit record │
│ is produced for each open instance of the file. If both write and open │
│ auditing are enabled, two audit records can be produced. │
│ │
│ File size changes (including truncation) are audited under the control │
│ of auditing bits 5 and 9. Thus, access that is controlled with the │
│ ACCESS_WRITE permission bits is audited by way of auditing bits 5 and 9. │
│ │
│ Bit 3 is used in conjunction with bit 4 to allow the auditor to deter- │
│ mine the duration of access. However, because this information is not │
│ required, the generation of the close audit is optional. │
└──────────────────────────────────────────────────────────────────────────────┘
acc1_count specifies the number of access_list data structures following the access_info_1 data structure.

In addition, the access_info_1 data structure can be followed by 0-64 access_list data structures. These structures define resource permissions for individual users or groups.

[Back: Resource Access Level 0]
[Next: User Access List Data Structure]