File.SetAccessControl(String, FileSecurity) 方法
定義
重要
部分資訊涉及發行前產品,在發行之前可能會有大幅修改。 Microsoft 對此處提供的資訊,不做任何明確或隱含的瑕疵擔保。
將 FileSecurity 物件描述的存取控制清單 (ACL) 項目套用至指定的檔案。
public:
static void SetAccessControl(System::String ^ path, System::Security::AccessControl::FileSecurity ^ fileSecurity);public static void SetAccessControl (string path, System.Security.AccessControl.FileSecurity fileSecurity);static member SetAccessControl : string * System.Security.AccessControl.FileSecurity -> unitPublic Shared Sub SetAccessControl (path As String, fileSecurity As FileSecurity)參數
- path
- String
檔案,要加入或從中移除存取控制清單 (ACL) 項目。
- fileSecurity
- FileSecurity
FileSecurity 物件,描述要套用至 path 參數所描述之檔案的 ACL 項目。
例外狀況
開啟檔案時發生 I/O 錯誤。
path 參數為 null。
找不到檔案。
fileSecurity 參數為 null。
範例
下列程式碼範例會使用 GetAccessControl 和 SetAccessControl 方法,從檔案中新增和移除存取控制清單 (ACL) 專案。 您必須提供有效的使用者或群組帳戶,才能執行這個範例。
using namespace System;
using namespace System::IO;
using namespace System::Security::AccessControl;
// Adds an ACL entry on the specified file for the specified account.
void AddFileSecurity(String^ fileName, String^ account,
FileSystemRights rights, AccessControlType controlType)
{
// Get a FileSecurity object that represents the
// current security settings.
FileSecurity^ fSecurity = File::GetAccessControl(fileName);
// Add the FileSystemAccessRule to the security settings.
fSecurity->AddAccessRule(gcnew FileSystemAccessRule
(account,rights, controlType));
// Set the new access settings.
File::SetAccessControl(fileName, fSecurity);
}
// Removes an ACL entry on the specified file for the specified account.
void RemoveFileSecurity(String^ fileName, String^ account,
FileSystemRights rights, AccessControlType controlType)
{
// Get a FileSecurity object that represents the
// current security settings.
FileSecurity^ fSecurity = File::GetAccessControl(fileName);
// Remove the FileSystemAccessRule from the security settings.
fSecurity->RemoveAccessRule(gcnew FileSystemAccessRule
(account,rights, controlType));
// Set the new access settings.
File::SetAccessControl(fileName, fSecurity);
}
int main()
{
try
{
String^ fileName = "test.xml";
Console::WriteLine("Adding access control entry for " + fileName);
// Add the access control entry to the file.
AddFileSecurity(fileName, "MYDOMAIN\\MyAccount",
FileSystemRights::ReadData, AccessControlType::Allow);
Console::WriteLine("Removing access control entry from " + fileName);
// Remove the access control entry from the file.
RemoveFileSecurity(fileName, "MYDOMAIN\\MyAccount",
FileSystemRights::ReadData, AccessControlType::Allow);
Console::WriteLine("Done.");
}
catch (Exception^ ex)
{
Console::WriteLine(ex->Message);
}
}
using System;
using System.IO;
using System.Security.AccessControl;
namespace FileSystemExample
{
class FileExample
{
public static void Main()
{
try
{
string fileName = "test.xml";
Console.WriteLine("Adding access control entry for "
+ fileName);
// Add the access control entry to the file.
AddFileSecurity(fileName, @"DomainName\AccountName",
FileSystemRights.ReadData, AccessControlType.Allow);
Console.WriteLine("Removing access control entry from "
+ fileName);
// Remove the access control entry from the file.
RemoveFileSecurity(fileName, @"DomainName\AccountName",
FileSystemRights.ReadData, AccessControlType.Allow);
Console.WriteLine("Done.");
}
catch (Exception e)
{
Console.WriteLine(e);
}
}
// Adds an ACL entry on the specified file for the specified account.
public static void AddFileSecurity(string fileName, string account,
FileSystemRights rights, AccessControlType controlType)
{
// Get a FileSecurity object that represents the
// current security settings.
FileSecurity fSecurity = File.GetAccessControl(fileName);
// Add the FileSystemAccessRule to the security settings.
fSecurity.AddAccessRule(new FileSystemAccessRule(account,
rights, controlType));
// Set the new access settings.
File.SetAccessControl(fileName, fSecurity);
}
// Removes an ACL entry on the specified file for the specified account.
public static void RemoveFileSecurity(string fileName, string account,
FileSystemRights rights, AccessControlType controlType)
{
// Get a FileSecurity object that represents the
// current security settings.
FileSecurity fSecurity = File.GetAccessControl(fileName);
// Remove the FileSystemAccessRule from the security settings.
fSecurity.RemoveAccessRule(new FileSystemAccessRule(account,
rights, controlType));
// Set the new access settings.
File.SetAccessControl(fileName, fSecurity);
}
}
}
open System.IO
open System.Security.AccessControl
// Adds an ACL entry on the specified file for the specified account.
let addFileSecurity fileName (account: string) rights controlType =
// Get a FileSecurity object that represents the
// current security settings.
let fSecurity = File.GetAccessControl fileName
// Add the FileSystemAccessRule to the security settings.
FileSystemAccessRule(account, rights, controlType)
|> fSecurity.AddAccessRule
// Set the new access settings.
File.SetAccessControl(fileName, fSecurity)
// Removes an ACL entry on the specified file for the specified account.
let removeFileSecurity fileName (account: string) rights controlType =
// Get a FileSecurity object that represents the
// current security settings.
let fSecurity = File.GetAccessControl fileName
// Remove the FileSystemAccessRule from the security settings.
fSecurity.RemoveAccessRule(FileSystemAccessRule(account, rights, controlType))
|> ignore
// Set the new access settings.
File.SetAccessControl(fileName, fSecurity)
let fileName = "test.xml"
printfn $"Adding access control entry for {fileName}"
// Add the access control entry to the file.
addFileSecurity fileName @"DomainName\AccountName" FileSystemRights.ReadData AccessControlType.Allow
printfn $"Removing access control entry from {fileName}"
// Remove the access control entry from the file.
removeFileSecurity fileName @"DomainName\AccountName" FileSystemRights.ReadData AccessControlType.Allow
printfn "Done."
Imports System.IO
Imports System.Security.AccessControl
Module FileExample
Sub Main()
Try
Dim fileName As String = "test.xml"
Console.WriteLine("Adding access control entry for " & fileName)
' Add the access control entry to the file.
AddFileSecurity(fileName, "DomainName\AccountName", _
FileSystemRights.ReadData, AccessControlType.Allow)
Console.WriteLine("Removing access control entry from " & fileName)
' Remove the access control entry from the file.
RemoveFileSecurity(fileName, "DomainName\AccountName", _
FileSystemRights.ReadData, AccessControlType.Allow)
Console.WriteLine("Done.")
Catch e As Exception
Console.WriteLine(e)
End Try
End Sub
' Adds an ACL entry on the specified file for the specified account.
Sub AddFileSecurity(ByVal fileName As String, ByVal account As String, _
ByVal rights As FileSystemRights, ByVal controlType As AccessControlType)
' Get a FileSecurity object that represents the
' current security settings.
Dim fSecurity As FileSecurity = File.GetAccessControl(fileName)
' Add the FileSystemAccessRule to the security settings.
Dim accessRule As FileSystemAccessRule = _
New FileSystemAccessRule(account, rights, controlType)
fSecurity.AddAccessRule(accessRule)
' Set the new access settings.
File.SetAccessControl(fileName, fSecurity)
End Sub
' Removes an ACL entry on the specified file for the specified account.
Sub RemoveFileSecurity(ByVal fileName As String, ByVal account As String, _
ByVal rights As FileSystemRights, ByVal controlType As AccessControlType)
' Get a FileSecurity object that represents the
' current security settings.
Dim fSecurity As FileSecurity = File.GetAccessControl(fileName)
' Remove the FileSystemAccessRule from the security settings.
fSecurity.RemoveAccessRule(New FileSystemAccessRule(account, _
rights, controlType))
' Set the new access settings.
File.SetAccessControl(fileName, fSecurity)
End Sub
End Module
備註
方法 SetAccessControl 會將存取控制清單 (ACL) 專案套用至代表非內建 ACL 清單的檔案。
警告
為 fileSecurity 參數指定的 ACL 會取代檔案的現有 ACL。 若要新增使用者的許可權,請使用 GetAccessControl 方法來取得現有的 ACL、修改它,然後使用 SetAccessControl 將它套用回檔案。
ACL 描述具有或沒有指定檔案上特定動作許可權的個人和/或群組。 如需詳細資訊,請參閱如何:新增或移除存取控制清單項目。
方法 SetAccessControl 只會 FileSecurity 保存物件建立之後已修改的物件。 FileSecurity如果物件尚未修改,它將不會保存到檔案。 因此,無法從一個 FileSecurity 檔案擷取物件,並將相同的物件重新套用至另一個檔案。
若要將 ACL 資訊從一個檔案複製到另一個檔案:
GetAccessControl使用 方法可從原始程式檔擷取 FileSecurity 物件。
建立目的地檔案的新 FileSecurity 物件。
GetSecurityDescriptorBinaryForm使用來源 FileSecurity 物件的 或 GetSecurityDescriptorSddlForm 方法來擷取 ACL 資訊。
SetSecurityDescriptorBinaryForm使用 或 SetSecurityDescriptorSddlForm 方法,將步驟 3 中擷取的資訊複製到目的地 FileSecurity 物件。
使用 SetAccessControl 方法,將目的地 FileSecurity 物件設定為目的地檔案。
在 NTFS 環境中,如果使用者具有 ListDirectory 父資料夾的許可權, ReadAttributes 則會 ReadExtendedAttributes 授與使用者。 若要拒絕 ReadAttributes 和 ReadExtendedAttributes ,請在父目錄上拒絕 ListDirectory 。
適用於
另請參閱
意見反應
即將登場:在 2024 年,我們將逐步淘汰 GitHub 問題作為內容的意見反應機制,並將它取代為新的意見反應系統。 如需詳細資訊,請參閱:https://aka.ms/ContentUserFeedback。
提交並檢視相關的意見反應