Directory.SetAccessControl(String, DirectorySecurity) Method

Reference

Definition

Namespace:: System.IO

Assembly:: mscorlib.dll

Important

Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Applies access control list (ACL) entries described by a DirectorySecurity object to the specified directory.

public:
 static void SetAccessControl(System::String ^ path, System::Security::AccessControl::DirectorySecurity ^ directorySecurity);

public static void SetAccessControl (string path, System.Security.AccessControl.DirectorySecurity directorySecurity);

static member SetAccessControl : string * System.Security.AccessControl.DirectorySecurity -> unit

Public Shared Sub SetAccessControl (path As String, directorySecurity As DirectorySecurity)

Parameters

path: String

A directory to add or remove access control list (ACL) entries from.

directorySecurity: DirectorySecurity

A DirectorySecurity object that describes an ACL entry to apply to the directory described by the path parameter.

Exceptions

ArgumentNullException

The directorySecurity parameter is null.

DirectoryNotFoundException

The directory could not be found.

ArgumentException

The path was invalid.

UnauthorizedAccessException

The current process does not have access to the directory specified by path.

-or-

The current process does not have sufficient privilege to set the ACL entry.

Remarks

The SetAccessControl method applies access control list (ACL) entries to a directory that represents the noninherited ACL list.

Caution

The ACL specified for the directorySecurity parameter replaces the existing ACL for the directory. To add permissions for a new user, use the GetAccessControl method to obtain the existing ACL and modify it.

An ACL describes individuals and groups who have, or don't have, rights to specific actions on the given file or directory. For more information, see How to: Add or Remove Access Control List Entries.

The SetAccessControl method persists only DirectorySecurity objects that have been modified after object creation. If a DirectorySecurity object has not been modified, it will not be persisted to a file. Therefore, it's not possible to retrieve a DirectorySecurity object from one file and reapply the same object to another file.

To copy ACL information from one file to another:

Use the GetAccessControl method to retrieve the DirectorySecurity object from the source file.
Create a new DirectorySecurity object for the destination file.
Use the GetSecurityDescriptorBinaryForm or GetSecurityDescriptorSddlForm method of the source DirectorySecurity object to retrieve the ACL information.
Use the SetSecurityDescriptorBinaryForm or SetSecurityDescriptorSddlForm method to copy the information retrieved in step 3 to the destination DirectorySecurity object.
Set the destination DirectorySecurity object to the destination file using the SetAccessControl method.

In NTFS environments, ReadAttributes and ReadExtendedAttributes are granted to the user if the user has ListDirectory rights on the parent folder. To deny ReadAttributes and ReadExtendedAttributes, deny ListDirectory on the parent directory.

Applies to

Share via