Share via

Directory.SetAccessControl(String, DirectorySecurity) Method


Applies access control list (ACL) entries described by a DirectorySecurity object to the specified directory.

 static void SetAccessControl(System::String ^ path, System::Security::AccessControl::DirectorySecurity ^ directorySecurity);
public static void SetAccessControl (string path, System.Security.AccessControl.DirectorySecurity directorySecurity);
static member SetAccessControl : string * System.Security.AccessControl.DirectorySecurity -> unit
Public Shared Sub SetAccessControl (path As String, directorySecurity As DirectorySecurity)



A directory to add or remove access control list (ACL) entries from.


A DirectorySecurity object that describes an ACL entry to apply to the directory described by the path parameter.


The directorySecurity parameter is null.

The directory could not be found.

The path was invalid.

The current process does not have access to the directory specified by path.


The current process does not have sufficient privilege to set the ACL entry.


The SetAccessControl method applies access control list (ACL) entries to a directory that represents the noninherited ACL list.


The ACL specified for the directorySecurity parameter replaces the existing ACL for the directory. To add permissions for a new user, use the GetAccessControl method to obtain the existing ACL and modify it.

An ACL describes individuals and groups who have, or don't have, rights to specific actions on the given file or directory. For more information, see How to: Add or Remove Access Control List Entries.

The SetAccessControl method persists only DirectorySecurity objects that have been modified after object creation. If a DirectorySecurity object has not been modified, it will not be persisted to a file. Therefore, it's not possible to retrieve a DirectorySecurity object from one file and reapply the same object to another file.

To copy ACL information from one file to another:

  1. Use the GetAccessControl method to retrieve the DirectorySecurity object from the source file.

  2. Create a new DirectorySecurity object for the destination file.

  3. Use the GetSecurityDescriptorBinaryForm or GetSecurityDescriptorSddlForm method of the source DirectorySecurity object to retrieve the ACL information.

  4. Use the SetSecurityDescriptorBinaryForm or SetSecurityDescriptorSddlForm method to copy the information retrieved in step 3 to the destination DirectorySecurity object.

  5. Set the destination DirectorySecurity object to the destination file using the SetAccessControl method.

In NTFS environments, ReadAttributes and ReadExtendedAttributes are granted to the user if the user has ListDirectory rights on the parent folder. To deny ReadAttributes and ReadExtendedAttributes, deny ListDirectory on the parent directory.

Applies to

See also