What is the SYNCHRONIZE File Access Right?

When dealing with Windows NTFS file system permissions, one quickly encounters the SYNCHRONIZE access right, the purpose of which may not be obvious. SYNCHRONIZE belongs to the standard access rights, just like DELETE, READ_CONTROL, WRITE_DAC and WRITE_OWNER.

Here is the definition of SYNCHRONIZE from MSDN (2010):

The SYNCHRONIZE access right is defined within the standard access rights list as the right to specify a file handle in one of the wait functions.

Here is the newer definition of SYNCHRONIZE from Microsoft Docs (2019):

The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right.

About the Author

Helge Klein (ex CTP, MVP, and vExpert) worked as a consultant and developer before founding vast limits, the uberAgent company, which was acquired by the Citrix business unit of Cloud Software Group in late 2023. Previously, Helge applied his extensive knowledge in IT infrastructure projects and architected a user profile management product, the successor of which is now available as Citrix Profile Management. Helge is the author of the popular tools Delprof2 and SetACL. He has presented at Citrix Synergy, BriForum, E2EVC, Splunk .conf, and many other events.

1 Comment

Mark Ober

July 13, 2019 at 21:30

Can it be ruled out that whether this flag has been used and granted would imply in the state that the file will automatically thereafter be opened in by functions such as CreateFile…regarding either synchronous or asynchronous usage of the file? Or does it mean nothing more than that by NOT having granted this access on a file, a program cannot then wait on it whenever it is accessed asynchronously? But then, the question might become: are files NORMALLY accessed in SYNCHRONOUS mode unless otherwise told via a special flag to do so asynchronously, such as to CreateFile, in which case then this SYNCHRONIZE flag would suddenly become important, it thereby–when granted–giving the program the access right to wait for the file to finish its instructed business? This would seem odd, however, being that a program could, in-theory then, open a bunch of files intentionally in asynchronous mode all at once–without needing any special permissions to do so–having them do all types of things in the background at the same time…perhaps even thousands of them…without any restrictions at all in this regard–and yet then be restricted to NOT be able to wait for any of them to complete their activities by simply not having asked for or gained the SYNCHRONIZE access right? So does my confusion over these things make sense…or am I missing some significant information? Thanks.

What is the SYNCHRONIZE File Access Right?

About the Author

1 Comment

Leave a Reply Cancel reply

Related Posts

How to Map Generic Rights to Standard and Specific Rights

Finding (Executables in) User-Writeable Directories

Windows 7 Default File System Permissions Listing

You’ve Got a New Verisign Authenticode Certificate – Now What?

Latest Posts

OPNsense HowTo: IPv4 & IPv6 Internet Connectivity With FTTH Modem

Samba File Server: Web Access Through Filebrowser With SSO & HTTPS

Samba File Server With Windows ACLs in a Docker Container

Samba Active Directory as Authelia’s SSO Authentication Backend