FileSystemRights Enum
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Defines the access rights to use when creating access and audit rules.
This enumeration supports a bitwise combination of its member values.
public enum class FileSystemRights
[System.Flags]
public enum FileSystemRights
[System.Flags]
[System.Security.SecurityCritical]
public enum FileSystemRights
[<System.Flags>]
type FileSystemRights =
[<System.Flags>]
[<System.Security.SecurityCritical>]
type FileSystemRights =
Public Enum FileSystemRights
- Inheritance
- Attributes
Fields
Name | Value | Description |
---|---|---|
ListDirectory | 1 | Specifies the right to read the contents of a directory. |
ReadData | 1 | Specifies the right to open and copy a file or folder. This does not include the right to read file system attributes, extended file system attributes, or access and audit rules. |
CreateFiles | 2 | Specifies the right to create a file. This right requires the |
WriteData | 2 | Specifies the right to open and write to a file or folder. This does not include the right to open and write file system attributes, extended file system attributes, or access and audit rules. |
AppendData | 4 | Specifies the right to append data to the end of a file. |
CreateDirectories | 4 | Specifies the right to create a folder This right requires the |
ReadExtendedAttributes | 8 | Specifies the right to open and copy extended file system attributes from a folder or file. For example, this value specifies the right to view author and content information. This does not include the right to read data, file system attributes, or access and audit rules. |
WriteExtendedAttributes | 16 | Specifies the right to open and write extended file system attributes to a folder or file. This does not include the ability to write data, attributes, or access and audit rules. |
ExecuteFile | 32 | Specifies the right to run an application file. |
Traverse | 32 | Specifies the right to list the contents of a folder and to run applications contained within that folder. |
DeleteSubdirectoriesAndFiles | 64 | Specifies the right to delete a folder and any files contained within that folder. |
ReadAttributes | 128 | Specifies the right to open and copy file system attributes from a folder or file. For example, this value specifies the right to view the file creation or modified date. This does not include the right to read data, extended file system attributes, or access and audit rules. |
WriteAttributes | 256 | Specifies the right to open and write file system attributes to a folder or file. This does not include the ability to write data, extended attributes, or access and audit rules. |
Write | 278 | Specifies the right to create folders and files, and to add or remove data from files. This right includes the WriteData right, AppendData right, WriteExtendedAttributes right, and WriteAttributes right. |
Delete | 65536 | Specifies the right to delete a folder or file. |
ReadPermissions | 131072 | Specifies the right to open and copy access and audit rules from a folder or file. This does not include the right to read data, file system attributes, and extended file system attributes. |
Read | 131209 | Specifies the right to open and copy folders or files as read-only. This right includes the ReadData right, ReadExtendedAttributes right, ReadAttributes right, and ReadPermissions right. |
ReadAndExecute | 131241 | Specifies the right to open and copy folders or files as read-only, and to run application files. This right includes the Read right and the ExecuteFile right. |
Modify | 197055 | Specifies the right to read, write, list folder contents, delete folders and files, and run application files. This right includes the ReadAndExecute right, the Write right, and the Delete right. |
ChangePermissions | 262144 | Specifies the right to change the security and audit rules associated with a file or folder. |
TakeOwnership | 524288 | Specifies the right to change the owner of a folder or file. Note that owners of a resource have full access to that resource. |
Synchronize | 1048576 | Specifies whether the application can wait for a file handle to synchronize with the completion of an I/O operation. This value is automatically set when allowing access and automatically excluded when denying access. |
FullControl | 2032127 | Specifies the right to exert full control over a folder or file, and to modify access control and audit rules. This value represents the right to do anything with a file and is the combination of all rights in this enumeration. |
Examples
The following example uses the FileSystemRights
enumeration to specify an access rule and then removes the access rule from a file. You must supply a valid user or group account to run this example.
using System;
using System.IO;
using System.Security.AccessControl;
namespace FileSystemExample
{
class FileExample
{
public static void Main()
{
try
{
string fileName = "test.xml";
Console.WriteLine($"Adding access control entry for {fileName}");
// Add the access control entry to the file.
AddFileSecurity(fileName, @"DomainName\AccountName",
FileSystemRights.ReadData, AccessControlType.Allow);
Console.WriteLine($"Removing access control entry from {fileName}");
// Remove the access control entry from the file.
RemoveFileSecurity(fileName, @"DomainName\AccountName",
FileSystemRights.ReadData, AccessControlType.Allow);
Console.WriteLine("Done.");
}
catch (Exception e)
{
Console.WriteLine(e);
}
}
// Adds an ACL entry on the specified file for the specified account.
public static void AddFileSecurity(string fileName, string account,
FileSystemRights rights, AccessControlType controlType)
{
FileInfo fileInfo = new(fileName);
FileSecurity fSecurity = fileInfo.GetAccessControl();
// Add the FileSystemAccessRule to the security settings.
fSecurity.AddAccessRule(new FileSystemAccessRule(account,
rights, controlType));
// Set the new access settings.
fileInfo.SetAccessControl(fSecurity);
}
// Removes an ACL entry on the specified file for the specified account.
public static void RemoveFileSecurity(string fileName, string account,
FileSystemRights rights, AccessControlType controlType)
{
FileInfo fileInfo = new(fileName);
FileSecurity fSecurity = fileInfo.GetAccessControl();
// Remove the FileSystemAccessRule from the security settings.
fSecurity.RemoveAccessRule(new FileSystemAccessRule(account,
rights, controlType));
// Set the new access settings.
fileInfo.SetAccessControl(fSecurity);
}
}
}
Imports System.IO
Imports System.Security.AccessControl
Module FileExample
Sub Main()
Try
Dim fileName As String = "test.xml"
Console.WriteLine("Adding access control entry for " & fileName)
' Add the access control entry to the file.
AddFileSecurity(fileName, "DomainName\AccountName",
FileSystemRights.ReadData, AccessControlType.Allow)
Console.WriteLine("Removing access control entry from " & fileName)
' Remove the access control entry from the file.
RemoveFileSecurity(fileName, "DomainName\AccountName",
FileSystemRights.ReadData, AccessControlType.Allow)
Console.WriteLine("Done.")
Catch e As Exception
Console.WriteLine(e)
End Try
End Sub
' Adds an ACL entry on the specified file for the specified account.
Sub AddFileSecurity(ByVal fileName As String, ByVal account As String,
ByVal rights As FileSystemRights, ByVal controlType As AccessControlType)
Dim fileInfo As New FileInfo(fileName)
Dim fSecurity As FileSecurity = fileInfo.GetAccessControl()
' Add the FileSystemAccessRule to the security settings.
Dim accessRule As New FileSystemAccessRule(account, rights, controlType)
fSecurity.AddAccessRule(accessRule)
' Set the new access settings.
fileInfo.SetAccessControl(fSecurity)
End Sub
' Removes an ACL entry on the specified file for the specified account.
Sub RemoveFileSecurity(ByVal fileName As String, ByVal account As String,
ByVal rights As FileSystemRights, ByVal controlType As AccessControlType)
Dim fileInfo As New FileInfo(fileName)
Dim fSecurity As FileSecurity = fileInfo.GetAccessControl()
' Remove the FileSystemAccessRule from the security settings.
fSecurity.RemoveAccessRule(New FileSystemAccessRule(account,
rights, controlType))
' Set the new access settings.
fileInfo.SetAccessControl(fSecurity)
End Sub
End Module
Remarks
The FileSystemRights enumeration specifies which file system actions are allowed for a particular user account and which file system actions are audited for a particular user account.
Use the FileSystemRights enumeration when creating an access rule with the FileSystemAccessRule class or when creating an audit rule with the FileSystemAuditRule class.
This enumeration contains several granular system rights values and several values that are a combination of those granular values. It is easier to use the combination values such as FullControl
, Read
, and Write
, rather than specifying each component value separately.
The CreateDirectories
and CreateFiles
rights require the Synchronize
right. If you do not explicitly set the Synchronize
value when creating a file or directory, it is set automatically for you.