Gewusst wie: Hinzufügen oder Entfernen von Zugriffssteuerungslisten-Einträgen
Zum Hinzufügen oder Entfernen von Zugriffssteuerungslisten-(ACL-)Einträgen zu bzw. aus einer Datei muss das FileSecurity-Objekt oder das DirectorySecurity-Objekt aus der Datei oder aus dem Verzeichnis abgerufen, geändert und dann wieder auf die Datei oder das Verzeichnis angewendet werden.
So fügen Sie einen ACL-Eintrag einer Datei hinzu bzw. entfernen ihn aus der Datei
Rufen Sie die GetAccessControl-Methode auf, um ein FileSecurity-Objekt abzurufen, das die aktuellen ACL-Einträge der Datei enthält.
Fügen Sie dem in Schritt 1 zurückgegebenen FileSecurity-Objekt ACL-Einträge hinzu, bzw. entfernen Sie sie daraus.
Übergeben Sie das FileSecurity-Objekt an die SetAccessControl-Methode, um die Änderungen anzuwenden.
So fügen Sie einem Verzeichnis einen ACL-Eintrag hinzu bzw. entfernen ihn daraus
Rufen Sie die GetAccessControl-Methode auf, um ein DirectorySecurity-Objekt abzurufen, das die aktuellen ACL-Einträge des Verzeichnisses enthält.
Fügen Sie dem in Schritt 1 zurückgegebenen DirectorySecurity-Objekt ACL-Einträge hinzu, bzw. entfernen Sie sie daraus.
Übergeben Sie das DirectorySecurity-Objekt an die SetAccessControl-Methode, um die Änderungen anzuwenden.
Beispiel
Imports System
Imports System.IO
Imports System.Security.AccessControl
Module FileExample
Sub Main()
Try
Dim fileName As String = "test.xml"
Console.WriteLine("Adding access control entry for " & fileName)
' Add the access control entry to the file.
AddFileSecurity(fileName, "DomainName\AccountName", _
FileSystemRights.ReadData, AccessControlType.Allow)
Console.WriteLine("Removing access control entry from " & fileName)
' Remove the access control entry from the file.
RemoveFileSecurity(fileName, "DomainName\AccountName", _
FileSystemRights.ReadData, AccessControlType.Allow)
Console.WriteLine("Done.")
Catch e As Exception
Console.WriteLine(e)
End Try
End Sub
' Adds an ACL entry on the specified file for the specified account.
Sub AddFileSecurity(ByVal fileName As String, ByVal account As String, _
ByVal rights As FileSystemRights, ByVal controlType As AccessControlType)
' Get a FileSecurity object that represents the
' current security settings.
Dim fSecurity As FileSecurity = File.GetAccessControl(fileName)
' Add the FileSystemAccessRule to the security settings.
Dim accessRule As FileSystemAccessRule = _
New FileSystemAccessRule(account, rights, controlType)
fSecurity.AddAccessRule(accessRule)
' Set the new access settings.
File.SetAccessControl(fileName, fSecurity)
End Sub
' Removes an ACL entry on the specified file for the specified account.
Sub RemoveFileSecurity(ByVal fileName As String, ByVal account As String, _
ByVal rights As FileSystemRights, ByVal controlType As AccessControlType)
' Get a FileSecurity object that represents the
' current security settings.
Dim fSecurity As FileSecurity = File.GetAccessControl(fileName)
' Remove the FileSystemAccessRule from the security settings.
fSecurity.RemoveAccessRule(New FileSystemAccessRule(account, _
rights, controlType))
' Set the new access settings.
File.SetAccessControl(fileName, fSecurity)
End Sub
End Module
using System;
using System.IO;
using System.Security.AccessControl;
namespace FileSystemExample
{
class FileExample
{
public static void Main()
{
try
{
string fileName = "test.xml";
Console.WriteLine("Adding access control entry for "
+ fileName);
// Add the access control entry to the file.
AddFileSecurity(fileName, @"DomainName\AccountName",
FileSystemRights.ReadData, AccessControlType.Allow);
Console.WriteLine("Removing access control entry from "
+ fileName);
// Remove the access control entry from the file.
RemoveFileSecurity(fileName, @"DomainName\AccountName",
FileSystemRights.ReadData, AccessControlType.Allow);
Console.WriteLine("Done.");
}
catch (Exception e)
{
Console.WriteLine(e);
}
}
// Adds an ACL entry on the specified file for the specified account.
public static void AddFileSecurity(string fileName, string account,
FileSystemRights rights, AccessControlType controlType)
{
// Get a FileSecurity object that represents the
// current security settings.
FileSecurity fSecurity = File.GetAccessControl(fileName);
// Add the FileSystemAccessRule to the security settings.
fSecurity.AddAccessRule(new FileSystemAccessRule(account,
rights, controlType));
// Set the new access settings.
File.SetAccessControl(fileName, fSecurity);
}
// Removes an ACL entry on the specified file for the specified account.
public static void RemoveFileSecurity(string fileName, string account,
FileSystemRights rights, AccessControlType controlType)
{
// Get a FileSecurity object that represents the
// current security settings.
FileSecurity fSecurity = File.GetAccessControl(fileName);
// Remove the FileSystemAccessRule from the security settings.
fSecurity.RemoveAccessRule(new FileSystemAccessRule(account,
rights, controlType));
// Set the new access settings.
File.SetAccessControl(fileName, fSecurity);
}
}
}
using namespace System;
using namespace System::IO;
using namespace System::Security::AccessControl;
// Adds an ACL entry on the specified file for the specified account.
void AddFileSecurity(String^ fileName, String^ account,
FileSystemRights rights, AccessControlType controlType)
{
// Get a FileSecurity object that represents the
// current security settings.
FileSecurity^ fSecurity = File::GetAccessControl(fileName);
// Add the FileSystemAccessRule to the security settings.
fSecurity->AddAccessRule(gcnew FileSystemAccessRule
(account,rights, controlType));
// Set the new access settings.
File::SetAccessControl(fileName, fSecurity);
}
// Removes an ACL entry on the specified file for the specified account.
void RemoveFileSecurity(String^ fileName, String^ account,
FileSystemRights rights, AccessControlType controlType)
{
// Get a FileSecurity object that represents the
// current security settings.
FileSecurity^ fSecurity = File::GetAccessControl(fileName);
// Remove the FileSystemAccessRule from the security settings.
fSecurity->RemoveAccessRule(gcnew FileSystemAccessRule
(account,rights, controlType));
// Set the new access settings.
File::SetAccessControl(fileName, fSecurity);
}
int main()
{
try
{
String^ fileName = "test.xml";
Console::WriteLine("Adding access control entry for " + fileName);
// Add the access control entry to the file.
AddFileSecurity(fileName, "MYDOMAIN\\MyAccount",
FileSystemRights::ReadData, AccessControlType::Allow);
Console::WriteLine("Removing access control entry from " + fileName);
// Remove the access control entry from the file.
RemoveFileSecurity(fileName, "MYDOMAIN\\MyAccount",
FileSystemRights::ReadData, AccessControlType::Allow);
Console::WriteLine("Done.");
}
catch (Exception^ ex)
{
Console::WriteLine(ex->Message);
}
}
Kompilieren des Codes
Sie müssen ein gültiges Benutzer- oder Gruppenkonto angeben, um dieses Beispiel auszuführen. Dieses Beispiel verwendet ein File-Objekt. Dasselbe Verfahren wird jedoch auch für die Klassen FileInfo, Directory und DirectoryInfo verwendet.