共用方式為


FileInfo.SetAccessControl(FileSecurity) 方法

定義

FileSecurity 物件所描述的訪問控制清單 (ACL) 專案套用至目前 FileInfo 物件所描述的檔案。

public:
 void SetAccessControl(System::Security::AccessControl::FileSecurity ^ fileSecurity);
public void SetAccessControl (System.Security.AccessControl.FileSecurity fileSecurity);
member this.SetAccessControl : System.Security.AccessControl.FileSecurity -> unit
Public Sub SetAccessControl (fileSecurity As FileSecurity)

參數

fileSecurity
FileSecurity

FileSecurity 物件,描述要套用至目前檔案的訪問控制清單 (ACL) 專案。

例外狀況

fileSecurity 參數是 null

找不到或修改檔案。

目前的進程沒有開啟檔案的存取權。

範例

下列程式代碼範例會使用 GetAccessControl 方法和 SetAccessControl 方法來新增,然後從檔案中移除 ACL 專案。 您必須提供有效的使用者或組帳戶,才能執行此範例。

#using <System.Security.dll>
using namespace System;
using namespace System::IO;
using namespace System::Security::AccessControl;
using namespace System::Security::Principal;

// Adds an ACL entry on the specified file for the specified account.
static void AddFileSecurity(String^ fileName, String^ account,
                     FileSystemRights^ rights, 
                     AccessControlType^ controlType)
{
    // Create a new FileInfo object.
    FileInfo^ fInfo = gcnew FileInfo(fileName);
    if (!fInfo->Exists)
    {
        fInfo->Create();
    }

    // Get a FileSecurity object that represents the
    // current security settings.
    FileSecurity^ fSecurity = fInfo->GetAccessControl();

    // Add the FileSystemAccessRule to the security settings.
    fSecurity->AddAccessRule(gcnew FileSystemAccessRule(account,
        *rights, *controlType));

    // Set the new access settings.
    fInfo->SetAccessControl(fSecurity);
}

// Removes an ACL entry on the specified file for the specified account.
static void RemoveFileSecurity(String^ fileName, String^ account,
                        FileSystemRights^ rights, 
                        AccessControlType^ controlType)
{
    // Create a new FileInfo object.
    FileInfo^ fInfo = gcnew FileInfo(fileName);
    if (!fInfo->Exists)
    {
        fInfo->Create();
    }

    // Get a FileSecurity object that represents the
    // current security settings.
    FileSecurity^ fSecurity = fInfo->GetAccessControl();

    // Remove the FileSystemAccessRule from the security settings.
    fSecurity->RemoveAccessRule(gcnew FileSystemAccessRule(account, 
        *rights, *controlType));

    // Set the new access settings.
    fInfo->SetAccessControl(fSecurity);
}

int main()
{
    try
    {
        String^ fileName = "c:\\test.xml";

        Console::WriteLine("Adding access control entry for " +
            fileName);

        // Add the access control entry to the file.
        // Before compiling this snippet, change MyDomain to your 
        // domain name and MyAccessAccount to the name 
        // you use to access your domain.
        AddFileSecurity(fileName, "MyDomain\\MyAccessAccount",
            FileSystemRights::ReadData, AccessControlType::Allow);

        Console::WriteLine("Removing access control entry from " +
            fileName);

        // Remove the access control entry from the file.
        // Before compiling this snippet, change MyDomain to your 
        // domain name and MyAccessAccount to the name 
        // you use to access your domain.
        RemoveFileSecurity(fileName, "MyDomain\\MyAccessAccount",
            FileSystemRights::ReadData, AccessControlType::Allow);

        Console::WriteLine("Done.");
    }
    catch (Exception^ e)
    {
        Console::WriteLine(e);
    }

}
//This code produces output similar to the following; 
//results may vary based on the computer/file structure/etc.:
//
//Adding access control entry for c:\test.xml
//Removing access control entry from c:\test.xml
//Done.
//
using System;
using System.IO;
using System.Security.AccessControl;

namespace FileSystemExample
{
    class FileExample
    {
        public static void Main()
        {
            try
            {
                string FileName = "c:/test.xml";

                Console.WriteLine("Adding access control entry for " + FileName);

                // Add the access control entry to the file.
                // Before compiling this snippet, change MyDomain to your
                // domain name and MyAccessAccount to the name
                // you use to access your domain.
                AddFileSecurity(FileName, @"MyDomain\MyAccessAccount", FileSystemRights.ReadData, AccessControlType.Allow);

                Console.WriteLine("Removing access control entry from " + FileName);

                // Remove the access control entry from the file.
                // Before compiling this snippet, change MyDomain to your
                // domain name and MyAccessAccount to the name
                // you use to access your domain.
                RemoveFileSecurity(FileName, @"MyDomain\MyAccessAccount", FileSystemRights.ReadData, AccessControlType.Allow);

                Console.WriteLine("Done.");
            }
            catch (Exception e)
            {
                Console.WriteLine(e);
            }
        }

        // Adds an ACL entry on the specified file for the specified account.
        public static void AddFileSecurity(
            string FileName,
            string Account,
            FileSystemRights Rights,
            AccessControlType ControlType
            )
        {
            // Create a new FileInfo object.
            FileInfo fInfo = new(FileName);

            // Get a FileSecurity object that represents the
            // current security settings.
            FileSecurity fSecurity = fInfo.GetAccessControl();

            // Add the FileSystemAccessRule to the security settings.
            fSecurity.AddAccessRule(new FileSystemAccessRule(Account,
                                                            Rights,
                                                            ControlType));

            // Set the new access settings.
            fInfo.SetAccessControl(fSecurity);
        }

        // Removes an ACL entry on the specified file for the specified account.
        public static void RemoveFileSecurity(
            string FileName,
            string Account,
            FileSystemRights Rights,
            AccessControlType ControlType
            )
        {
            // Create a new FileInfo object.
            FileInfo fInfo = new(FileName);

            // Get a FileSecurity object that represents the
            // current security settings.
            FileSecurity fSecurity = fInfo.GetAccessControl();

            // Add the FileSystemAccessRule to the security settings.
            fSecurity.RemoveAccessRule(new FileSystemAccessRule(Account,
                                                            Rights,
                                                            ControlType));

            // Set the new access settings.
            fInfo.SetAccessControl(fSecurity);
        }
    }
}
//This code produces output similar to the following;
//results may vary based on the computer/file structure/etc.:
//
//Adding access control entry for c:\test.xml
//Removing access control entry from c:\test.xml
//Done.
//
Imports System.IO
Imports System.Security.AccessControl



Module FileExample

    Sub Main()
        Try
            Dim FileName As String = "c:\test.xml"

            Console.WriteLine("Adding access control entry for " & FileName)

            ' Add the access control entry to the file.
            ' Before compiling this snippet, change MyDomain to your 
            ' domain name and MyAccessAccount to the name 
            ' you use to access your domain.
            AddFileSecurity(FileName, "MyDomain\\MyAccessAccount", FileSystemRights.ReadData, AccessControlType.Allow)

            Console.WriteLine("Removing access control entry from " & FileName)

            ' Remove the access control entry from the file.
            ' Before compiling this snippet, change MyDomain to your 
            ' domain name and MyAccessAccount to the name 
            ' you use to access your domain.
            RemoveFileSecurity(FileName, "MyDomain\\MyAccessAccount", FileSystemRights.ReadData, AccessControlType.Allow)

            Console.WriteLine("Done.")
        Catch e As Exception
            Console.WriteLine(e)
        End Try

    End Sub


    ' Adds an ACL entry on the specified file for the specified account.
    Sub AddFileSecurity(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal ControlType As AccessControlType)
        ' Create a new FileInfo object.
        Dim fInfo As New FileInfo(FileName)

        ' Get a FileSecurity object that represents the 
        ' current security settings.
        Dim fSecurity As FileSecurity = fInfo.GetAccessControl()

        ' Add the FileSystemAccessRule to the security settings. 
        fSecurity.AddAccessRule(New FileSystemAccessRule(Account, Rights, ControlType))

        ' Set the new access settings.
        fInfo.SetAccessControl(fSecurity)

    End Sub


    ' Removes an ACL entry on the specified file for the specified account.
    Sub RemoveFileSecurity(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal ControlType As AccessControlType)
        ' Create a new FileInfo object.
        Dim fInfo As New FileInfo(FileName)

        ' Get a FileSecurity object that represents the 
        ' current security settings.
        Dim fSecurity As FileSecurity = fInfo.GetAccessControl()

        ' Add the FileSystemAccessRule to the security settings. 
        fSecurity.RemoveAccessRule(New FileSystemAccessRule(Account, Rights, ControlType))

        ' Set the new access settings.
        fInfo.SetAccessControl(fSecurity)

    End Sub
End Module
'This code produces output similar to the following; 
'results may vary based on the computer/file structure/etc.:
'
'Adding access control entry for c:\test.xml
'Removing access control entry from c:\test.xml
'Done.
'

備註

SetAccessControl 方法會將訪問控制清單 (ACL) 專案套用至代表非繼承 ACL 清單的目前檔案。

每當您需要從檔案新增或移除 ACL 專案時,請使用 SetAccessControl 方法。

謹慎

fileSecurity 參數指定的 ACL 會取代檔案的現有 ACL。 若要新增新用戶的許可權,請使用 GetAccessControl 方法來取得現有的 ACL、修改它,然後使用 SetAccessControl 將它套用回檔案。

ACL 描述具有或沒有指定檔案上特定動作許可權的個人和群組。 如需詳細資訊,請參閱 如何:新增或移除存取控制清單項目

SetAccessControl 方法只會保存 FileSecurity 物件建立之後已修改的物件。 如果 FileSecurity 物件尚未修改,則不會保存至檔案。 因此,無法從某個檔案擷取 FileSecurity 物件,並將相同的物件重新套用至另一個檔案。

若要將 ACL 資訊從一個檔案複製到另一個檔案:

  1. 使用 GetAccessControl 方法,從來源檔案擷取 FileSecurity 物件。

  2. 為目的地檔案建立新的 FileSecurity 物件。

  3. 使用來源 FileSecurity 物件的 GetSecurityDescriptorBinaryFormGetSecurityDescriptorSddlForm 方法來擷取 ACL 資訊。

  4. 使用 SetSecurityDescriptorBinaryFormSetSecurityDescriptorSddlForm 方法,將步驟 3 中擷取的資訊複製到目的地 FileSecurity 物件。

  5. 使用 SetAccessControl 方法,將目的地 FileSecurity 物件設定為目的地檔案。

適用於