Throughout my discussions of access control and ACLs in this book, I often talk about permissions as numbers. For example, I might talk about 0x1FF as being a “set” of permissions, or granting “permissions 1 and 2” to someone. What I'm doing is being very generic and using literal access masks or numbered permissions. I'm not specifying what types of objects I'm talking about; I'm just talking about how access control works for all types of objects.

So let's make this concrete and look at examples of permissions for some real objects in Windows. Let's start with, oh, a registry key. Peeking at a Win32 header file called winnt.h shows us the following.^[1]

 // excerpt from winnt.h #define KEY_QUERY_VALUE (0x00000001) ...