Bewerken

Share via


FileSystemAccessRule Class

Definition

Represents an abstraction of an access control entry (ACE) that defines an access rule for a file or directory. This class cannot be inherited.

public ref class FileSystemAccessRule sealed : System::Security::AccessControl::AccessRule
public sealed class FileSystemAccessRule : System.Security.AccessControl.AccessRule
[System.Security.SecurityCritical]
public sealed class FileSystemAccessRule : System.Security.AccessControl.AccessRule
type FileSystemAccessRule = class
    inherit AccessRule
[<System.Security.SecurityCritical>]
type FileSystemAccessRule = class
    inherit AccessRule
Public NotInheritable Class FileSystemAccessRule
Inherits AccessRule
Inheritance
FileSystemAccessRule
Attributes

Examples

The following code example uses the FileSecurity class to add and then remove an access control entry (ACE) from a file. You must supply a valid user or group account to run this example.

using System;
using System.IO;
using System.Security.AccessControl;

namespace FileSystemExample
{
    class FileExample
    {
        public static void Main()
        {
            try
            {
                string fileName = "test.xml";

                Console.WriteLine($"Adding access control entry for {fileName}");

                // Add the access control entry to the file.
                AddFileSecurity(fileName, @"DomainName\AccountName",
                    FileSystemRights.ReadData, AccessControlType.Allow);

                Console.WriteLine($"Removing access control entry from {fileName}");

                // Remove the access control entry from the file.
                RemoveFileSecurity(fileName, @"DomainName\AccountName",
                    FileSystemRights.ReadData, AccessControlType.Allow);

                Console.WriteLine("Done.");
            }
            catch (Exception e)
            {
                Console.WriteLine(e);
            }
        }

        // Adds an ACL entry on the specified file for the specified account.
        public static void AddFileSecurity(string fileName, string account,
            FileSystemRights rights, AccessControlType controlType)
        {
            FileInfo fileInfo = new(fileName);
            FileSecurity fSecurity = fileInfo.GetAccessControl();

            // Add the FileSystemAccessRule to the security settings.
            fSecurity.AddAccessRule(new FileSystemAccessRule(account,
                rights, controlType));

            // Set the new access settings.
            fileInfo.SetAccessControl(fSecurity);
        }

        // Removes an ACL entry on the specified file for the specified account.
        public static void RemoveFileSecurity(string fileName, string account,
            FileSystemRights rights, AccessControlType controlType)
        {
            FileInfo fileInfo = new(fileName);
            FileSecurity fSecurity = fileInfo.GetAccessControl();

            // Remove the FileSystemAccessRule from the security settings.
            fSecurity.RemoveAccessRule(new FileSystemAccessRule(account,
                rights, controlType));

            // Set the new access settings.
            fileInfo.SetAccessControl(fSecurity);
        }
    }
}
Imports System.IO
Imports System.Security.AccessControl

Module FileExample

    Sub Main()
        Try
            Dim fileName As String = "test.xml"

            Console.WriteLine("Adding access control entry for " & fileName)

            ' Add the access control entry to the file.
            AddFileSecurity(fileName, "DomainName\AccountName",
                FileSystemRights.ReadData, AccessControlType.Allow)

            Console.WriteLine("Removing access control entry from " & fileName)

            ' Remove the access control entry from the file.
            RemoveFileSecurity(fileName, "DomainName\AccountName",
                FileSystemRights.ReadData, AccessControlType.Allow)

            Console.WriteLine("Done.")
        Catch e As Exception
            Console.WriteLine(e)
        End Try

    End Sub

    ' Adds an ACL entry on the specified file for the specified account.
    Sub AddFileSecurity(ByVal fileName As String, ByVal account As String,
        ByVal rights As FileSystemRights, ByVal controlType As AccessControlType)

        Dim fileInfo As New FileInfo(fileName)
        Dim fSecurity As FileSecurity = fileInfo.GetAccessControl()

        ' Add the FileSystemAccessRule to the security settings. 
        Dim accessRule As New FileSystemAccessRule(account, rights, controlType)

        fSecurity.AddAccessRule(accessRule)

        ' Set the new access settings.
        fileInfo.SetAccessControl(fSecurity)

    End Sub

    ' Removes an ACL entry on the specified file for the specified account.
    Sub RemoveFileSecurity(ByVal fileName As String, ByVal account As String,
        ByVal rights As FileSystemRights, ByVal controlType As AccessControlType)

        Dim fileInfo As New FileInfo(fileName)
        Dim fSecurity As FileSecurity = fileInfo.GetAccessControl()

        ' Remove the FileSystemAccessRule from the security settings. 
        fSecurity.RemoveAccessRule(New FileSystemAccessRule(account,
            rights, controlType))

        ' Set the new access settings.
        fileInfo.SetAccessControl(fSecurity)

    End Sub
End Module

Remarks

The FileSystemAccessRule class represents an abstraction of an underlying access control entry (ACE) that specifies a user account, the type of access to provide (read, write, and so on), and whether to allow or deny that right. This class can also specify how access rules are propagated to child objects.

Use the FileSystemAccessRule class to create a new access rule. You can persist the rule using the FileSecurity or DirectorySecurity class.

Constructors

FileSystemAccessRule(IdentityReference, FileSystemRights, AccessControlType)

Initializes a new instance of the FileSystemAccessRule class using a reference to a user account, a value that specifies the type of operation associated with the access rule, and a value that specifies whether to allow or deny the operation.

FileSystemAccessRule(IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags, AccessControlType)

Initializes a new instance of the FileSystemAccessRule class using a reference to a user account, a value that specifies the type of operation associated with the access rule, a value that determines how rights are inherited, a value that determines how rights are propagated, and a value that specifies whether to allow or deny the operation.

FileSystemAccessRule(String, FileSystemRights, AccessControlType)

Initializes a new instance of the FileSystemAccessRule class using the name of a user account, a value that specifies the type of operation associated with the access rule, and a value that describes whether to allow or deny the operation.

FileSystemAccessRule(String, FileSystemRights, InheritanceFlags, PropagationFlags, AccessControlType)

Initializes a new instance of the FileSystemAccessRule class using the name of a user account, a value that specifies the type of operation associated with the access rule, a value that determines how rights are inherited, a value that determines how rights are propagated, and a value that specifies whether to allow or deny the operation.

Properties

AccessControlType

Gets the AccessControlType value associated with this AccessRule object.

(Inherited from AccessRule)
AccessMask

Gets the access mask for this rule.

(Inherited from AuthorizationRule)
FileSystemRights

Gets the FileSystemRights flags associated with the current FileSystemAccessRule object.

IdentityReference

Gets the IdentityReference to which this rule applies.

(Inherited from AuthorizationRule)
InheritanceFlags

Gets the value of flags that determine how this rule is inherited by child objects.

(Inherited from AuthorizationRule)
IsInherited

Gets a value indicating whether this rule is explicitly set or is inherited from a parent container object.

(Inherited from AuthorizationRule)
PropagationFlags

Gets the value of the propagation flags, which determine how inheritance of this rule is propagated to child objects. This property is significant only when the value of the InheritanceFlags enumeration is not None.

(Inherited from AuthorizationRule)

Methods

Equals(Object)

Determines whether the specified object is equal to the current object.

(Inherited from Object)
GetHashCode()

Serves as the default hash function.

(Inherited from Object)
GetType()

Gets the Type of the current instance.

(Inherited from Object)
MemberwiseClone()

Creates a shallow copy of the current Object.

(Inherited from Object)
ToString()

Returns a string that represents the current object.

(Inherited from Object)

Applies to