qshino's Diary

PowerShell notes and miscellaneous musings

Windows file permissions

Windows ACL

icacls

Short form

icacls [file] /grant <Sid>:<Perm>

Details

icacls <FileName> [/grant[:r] <Sid>:<Perm>[...]] [/deny <Sid>:<Perm>[...]] [/remove[:g|:d] <Sid>[...]] [/t] [/c] [/l] [/q] [/setintegritylevel <Level>:<Policy>[...]]

icacls <Directory> [/substitute <SidOld> <SidNew> [...]] [/restore <ACLfile> [/c] [/l] [/q]]

Permissions

Perm is a permission mask that can be specified in one of the following forms:

A sequence of simple rights:

F (full access)
M (modify access)
RX (read and execute access)
R (read-only access)
W (write-only access)

A comma-separated list in parentheses of specific rights:

D (delete)
RC (read control)
WDAC (write DAC)
WO (write owner)
S (synchronize)
AS (access system security)
MA (maximum allowed)
GR (generic read)
GW (generic write)
GE (generic execute)
GA (generic all)
RD (read data/list directory)
WD (write data/add file)
AD (append data/add subdirectory)
REA (read extended attributes)
WEA (write extended attributes)
X (execute/traverse)
DC (delete child)
RA (read attributes)
WA (write attributes)

Inheritance rights may precede either Perm form, and they are applied only to directories:

(OI): object inherit
(CI): container inherit
(IO): inherit only
(NP): do not propagate inherit
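
A worked run of the syntax above from a PowerShell prompt, added here as an example (not from the original post). The scratch directory, the file name and the choice of the BUILTIN\Users well-known SID are assumptions made for the demonstration.

```powershell
# Constructed scratch directory with one child file, so inheritance is visible.
$dir = Join-Path $env:TEMP 'icacls-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
Set-Content -Path (Join-Path $dir 'note.txt') -Value 'sample'

# Well-known SID of BUILTIN\Users. The leading * marks a numeric SID for icacls,
# which avoids depending on localized group names.
$users = '*S-1-5-32-545'

# Quote the whole <Sid>:<Perm> argument. Unquoted, PowerShell would try to
# evaluate (OI) and (CI) as expressions instead of passing them to icacls.
# ${users} is required because "$users:" would be read as a scoped variable.

# Simple right RX, inherited by files (OI) and by subdirectories (CI).
icacls $dir /grant "${users}:(OI)(CI)RX"

# /grant:r replaces the explicit grant above instead of adding to it.
# Specific rights go in one comma-separated, parenthesized list.
icacls $dir /grant:r "${users}:(OI)(CI)(RD,RA,REA)"

# Explicit deny of write data / append data; a deny entry takes precedence
# over an allow entry for the same principal.
icacls $dir /deny "${users}:(OI)(CI)(WD,AD)"

# Show the resulting ACLs for the directory and everything under it (/t).
icacls $dir /t

# /remove:d removes only the deny entries for the SID; /remove:g removes only
# the grant entries. Both are undone here before the scratch directory is deleted.
icacls $dir /remove:d $users
icacls $dir /remove:g $users
icacls $dir /t

Remove-Item -Path $dir -Recurse -Force
```
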

Reference

https://technet.microsoft.com/ja-jp/library/cc753525(v=ws.10).aspx