Windows
PowerShell

Get-Aclで取得したファイル・フォルダのアクセス権(FileSystemRights)が、数字表記される場合の変換スクリプト

More than 1 year has passed since last update.
# get-aclで取得したアクセス権限(FileSystemRights)が、
# 32ビット整数(例:268435456)だった時の変換を行う関数
function map-acl ($aclnumber) {

  # 権限と32bit整数の紐付けハッシュ
    $accessMask = [ordered]@{
   [uint32]'0x80000000' = 'Generic_Read'    # 2147483648(読み込み同等)
   [uint32]'0x40000000' = 'Generic_Write'   # 1073741824(書き込み同等)
   [uint32]'0x20000000' = 'Generic_Execute' # 536870912(実行同等)
   [uint32]'0x10000000' = 'Generic_all'     # 268435456(フルコン同等)
   [uint32]'0x02000000' = 'MaximumAllowed'  # 33554432(詳細不明。予約済みビット)
   [uint32]'0x01000000' = 'AccessSystemSecurity' # 監査ログ出力設定
#  [uint32]'0x00100000' = 'Synchronize'
   [uint32]'0x00080000' = 'TakeOwnership'
   [uint32]'0x00040000' = 'ChangePermissions'
   [uint32]'0x00020000' = 'ReadPermissions '
   [uint32]'0x00010000' = 'Delete'
   [uint32]'0x00000100' = 'WriteAttributes'
   [uint32]'0x00000080' = 'ReadAttributes'
   [uint32]'0x00000040' = 'DeleteSubdirectoriesAndFiles'
   [uint32]'0x00000020' = 'Traverse/ExecuteFile'
   [uint32]'0x00000010' = 'WriteExtendedAttributes'
   [uint32]'0x00000008' = 'ReadExtendedAttributes'
   [uint32]'0x00000004' = 'CreateDirectories/AppendData'
   [uint32]'0x00000002' = 'CreateFiles/WriteData'
   [uint32]'0x00000001' = 'ListDirectory/ReadData'
    }

   # 2032137の場合フルコントロール。それ以外は
   switch ($aclnumber) {
   "2032127" {echo "FullControl";return}
   }

  # 入力された番号と配列を論理積でマッピング
  $accessMask.Keys | ? { $aclnumber -band $_ } | % { $accessMask[$_] }

}

# 使用例
PS > map-acl 2032127
FullControl

PS >map-acl 268435456
Generic_all