We saw some time ago that permission to delete a file is granted either
- if you have
DELETEaccess on the file, or - if you have
FILE_access on the containing directory.DELETE_ CHILD
File attributes behave in an analogous way.
Permission to read a file's attributes is granted either
- if you have
FILE_access on the file, orREAD_ ATTRIBUTES - if you have
FILE_access on the containing directory.LIST_ DIRECTORY
If you want the file's attributes,
you could always get it by reading the directory,
because one of the pieces of information you get
from FindFirstFile is the file attributes.
Therefore,
having permission to read a directory
implicitly
gives you permission to read the attributes of any file in that directory.
(Note, of course, that write permission on attributes is another story.)