Good start, Bal290303,
you can use an “it clause” with a “tuple” to join together properties of an object in relevance:
q: (name of it, permission permissions of it) of network shares
A: IPC$, False
A: Users, False
If you want to stay “easy” with the permissions, there are other permissions that are easy to query as documented here: https://developer.bigfix.com/relevance/reference/network-share.html
If you want to get “down and dirty” into the permissions, you might start with the ACL, like this:
q: (name of it, security descriptors of it) of network shares
A: Users, O:BAG:SYD:(A;OICI;FA;;;BA)
I: plural ( string, security descriptor )
q: (name of it, dacls of security descriptors of it) of network shares
A: Users, D:(A;OICI;FA;;;BA)
I: plural ( string, discretionary access control list )
q: (name of it, (grant types of it, trustees of it, enumerate subkeys permissions of it) of entries of dacls of security descriptors of it) of network shares
A: Users, ( True, BUILTIN\Administrators, True )
I: plural ( string, ( boolean, security identifier, boolean ) )
q: (name of it, (grant types of it, trustees of it, generic all permission of it, enumerate subkeys permissions of it) of entries of dacls of security descriptors of it) of network shares
A: Users, ( True, BUILTIN\Administrators, True, True )
I: plural ( string, ( boolean, security identifier, boolean, boolean ) )
There are dozens more permissions documented here: https://developer.bigfix.com/relevance/reference/access-control-entry.html
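The security descriptor answers above, such as O:BAG:SYD:(A;OICI;FA;;;BA), are SDDL strings. The following Python is an added example, not part of the original post and not BigFix code: it decodes such a string into owner, group and DACL entries, and lists allow entries that give full access to a broad trustee. The token tables are a subset of the documented SDDL tokens; the function names and the BROAD set are assumptions of this example.

```python
import re

# Subset of the well-known SDDL tokens from Microsoft's SDDL documentation.
SIDS = {"BA": r"BUILTIN\Administrators", "SY": r"NT AUTHORITY\SYSTEM",
        "WD": "Everyone", "AU": r"NT AUTHORITY\Authenticated Users",
        "BU": r"BUILTIN\Users"}
ACE_TYPES = {"A": "allow", "D": "deny"}
ACE_FLAGS = {"OI": "object inherit", "CI": "container inherit",
             "IO": "inherit only", "NP": "no propagate", "ID": "inherited"}
RIGHTS = {"FA": "file all access", "FR": "file read", "FW": "file write",
          "FX": "file execute", "GA": "generic all", "GR": "generic read",
          "GW": "generic write", "GX": "generic execute"}
# Assumption for this example: trustees treated as "broad" when auditing.
BROAD = {"Everyone", r"NT AUTHORITY\Authenticated Users", r"BUILTIN\Users"}

def _tokens(text, table):
    """Decode a run of two-letter tokens; hex masks and unknown tokens pass through."""
    if text.lower().startswith("0x"):
        return [text]
    return [table.get(text[i:i + 2], text[i:i + 2]) for i in range(0, len(text), 2)]

def parse_sddl(sddl):
    """Split an SDDL string into owner, group and decoded DACL entries."""
    parts = re.split(r"([OGDS]):", sddl)          # section markers O: G: D: S:
    sections = dict(zip(parts[1::2], parts[2::2]))
    entries = []
    for ace in re.findall(r"\(([^()]*)\)", sections.get("D", "")):
        # ACE layout: type;flags;rights;object_guid;inherit_object_guid;trustee
        ace_type, flags, rights, _obj, _inherit_obj, trustee = ace.split(";")[:6]
        entries.append({"type": ACE_TYPES.get(ace_type, ace_type),
                        "flags": _tokens(flags, ACE_FLAGS),
                        "rights": _tokens(rights, RIGHTS),
                        "trustee": SIDS.get(trustee, trustee)})
    owner, group = sections.get("O"), sections.get("G")
    return {"owner": SIDS.get(owner, owner), "group": SIDS.get(group, group),
            "dacl": entries}

def broad_full_access(sddl):
    """Trustees in BROAD that an allow ACE grants full access to."""
    return [e["trustee"] for e in parse_sddl(sddl)["dacl"]
            if e["type"] == "allow" and e["trustee"] in BROAD
            and {"file all access", "generic all"} & set(e["rights"])]

if __name__ == "__main__":
    print(parse_sddl("O:BAG:SYD:(A;OICI;FA;;;BA)"))                  # value from the post
    print(broad_full_access("O:BAG:SYD:(A;;FA;;;WD)(A;;FR;;;BU)"))  # constructed sample
```

The same function accepts the DACL-only form returned by the dacls query, since a missing owner or group section simply comes back as None.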