FileInfo.SetAccessControl(FileSecurity) 方法
定義
重要
部分資訊涉及發行前產品,在發行之前可能會有大幅修改。 Microsoft 對此處提供的資訊,不做任何明確或隱含的瑕疵擔保。
將 FileSecurity 物件所描述的訪問控制清單 (ACL) 專案套用至目前 FileInfo 物件所描述的檔案。
public:
void SetAccessControl(System::Security::AccessControl::FileSecurity ^ fileSecurity);public void SetAccessControl (System.Security.AccessControl.FileSecurity fileSecurity);member this.SetAccessControl : System.Security.AccessControl.FileSecurity -> unitPublic Sub SetAccessControl (fileSecurity As FileSecurity)參數
- fileSecurity
- FileSecurity
FileSecurity 物件,描述要套用至目前檔案的訪問控制清單 (ACL) 專案。
例外狀況
fileSecurity 參數是 null。
找不到或修改檔案。
目前的進程沒有開啟檔案的存取權。
範例
下列程式代碼範例會使用 GetAccessControl 方法和 SetAccessControl 方法來新增,然後從檔案中移除 ACL 專案。 您必須提供有效的使用者或組帳戶,才能執行此範例。
#using <System.Security.dll>
using namespace System;
using namespace System::IO;
using namespace System::Security::AccessControl;
using namespace System::Security::Principal;
// Adds an ACL entry on the specified file for the specified account.
static void AddFileSecurity(String^ fileName, String^ account,
FileSystemRights^ rights,
AccessControlType^ controlType)
{
// Create a new FileInfo object.
FileInfo^ fInfo = gcnew FileInfo(fileName);
if (!fInfo->Exists)
{
fInfo->Create();
}
// Get a FileSecurity object that represents the
// current security settings.
FileSecurity^ fSecurity = fInfo->GetAccessControl();
// Add the FileSystemAccessRule to the security settings.
fSecurity->AddAccessRule(gcnew FileSystemAccessRule(account,
*rights, *controlType));
// Set the new access settings.
fInfo->SetAccessControl(fSecurity);
}
// Removes an ACL entry on the specified file for the specified account.
static void RemoveFileSecurity(String^ fileName, String^ account,
FileSystemRights^ rights,
AccessControlType^ controlType)
{
// Create a new FileInfo object.
FileInfo^ fInfo = gcnew FileInfo(fileName);
if (!fInfo->Exists)
{
fInfo->Create();
}
// Get a FileSecurity object that represents the
// current security settings.
FileSecurity^ fSecurity = fInfo->GetAccessControl();
// Remove the FileSystemAccessRule from the security settings.
fSecurity->RemoveAccessRule(gcnew FileSystemAccessRule(account,
*rights, *controlType));
// Set the new access settings.
fInfo->SetAccessControl(fSecurity);
}
int main()
{
try
{
String^ fileName = "c:\\test.xml";
Console::WriteLine("Adding access control entry for " +
fileName);
// Add the access control entry to the file.
// Before compiling this snippet, change MyDomain to your
// domain name and MyAccessAccount to the name
// you use to access your domain.
AddFileSecurity(fileName, "MyDomain\\MyAccessAccount",
FileSystemRights::ReadData, AccessControlType::Allow);
Console::WriteLine("Removing access control entry from " +
fileName);
// Remove the access control entry from the file.
// Before compiling this snippet, change MyDomain to your
// domain name and MyAccessAccount to the name
// you use to access your domain.
RemoveFileSecurity(fileName, "MyDomain\\MyAccessAccount",
FileSystemRights::ReadData, AccessControlType::Allow);
Console::WriteLine("Done.");
}
catch (Exception^ e)
{
Console::WriteLine(e);
}
}
//This code produces output similar to the following;
//results may vary based on the computer/file structure/etc.:
//
//Adding access control entry for c:\test.xml
//Removing access control entry from c:\test.xml
//Done.
//
using System;
using System.IO;
using System.Security.AccessControl;
namespace FileSystemExample
{
class FileExample
{
public static void Main()
{
try
{
string FileName = "c:/test.xml";
Console.WriteLine("Adding access control entry for " + FileName);
// Add the access control entry to the file.
// Before compiling this snippet, change MyDomain to your
// domain name and MyAccessAccount to the name
// you use to access your domain.
AddFileSecurity(FileName, @"MyDomain\MyAccessAccount", FileSystemRights.ReadData, AccessControlType.Allow);
Console.WriteLine("Removing access control entry from " + FileName);
// Remove the access control entry from the file.
// Before compiling this snippet, change MyDomain to your
// domain name and MyAccessAccount to the name
// you use to access your domain.
RemoveFileSecurity(FileName, @"MyDomain\MyAccessAccount", FileSystemRights.ReadData, AccessControlType.Allow);
Console.WriteLine("Done.");
}
catch (Exception e)
{
Console.WriteLine(e);
}
}
// Adds an ACL entry on the specified file for the specified account.
public static void AddFileSecurity(
string FileName,
string Account,
FileSystemRights Rights,
AccessControlType ControlType
)
{
// Create a new FileInfo object.
FileInfo fInfo = new(FileName);
// Get a FileSecurity object that represents the
// current security settings.
FileSecurity fSecurity = fInfo.GetAccessControl();
// Add the FileSystemAccessRule to the security settings.
fSecurity.AddAccessRule(new FileSystemAccessRule(Account,
Rights,
ControlType));
// Set the new access settings.
fInfo.SetAccessControl(fSecurity);
}
// Removes an ACL entry on the specified file for the specified account.
public static void RemoveFileSecurity(
string FileName,
string Account,
FileSystemRights Rights,
AccessControlType ControlType
)
{
// Create a new FileInfo object.
FileInfo fInfo = new(FileName);
// Get a FileSecurity object that represents the
// current security settings.
FileSecurity fSecurity = fInfo.GetAccessControl();
// Add the FileSystemAccessRule to the security settings.
fSecurity.RemoveAccessRule(new FileSystemAccessRule(Account,
Rights,
ControlType));
// Set the new access settings.
fInfo.SetAccessControl(fSecurity);
}
}
}
//This code produces output similar to the following;
//results may vary based on the computer/file structure/etc.:
//
//Adding access control entry for c:\test.xml
//Removing access control entry from c:\test.xml
//Done.
//
Imports System.IO
Imports System.Security.AccessControl
Module FileExample
Sub Main()
Try
Dim FileName As String = "c:\test.xml"
Console.WriteLine("Adding access control entry for " & FileName)
' Add the access control entry to the file.
' Before compiling this snippet, change MyDomain to your
' domain name and MyAccessAccount to the name
' you use to access your domain.
AddFileSecurity(FileName, "MyDomain\\MyAccessAccount", FileSystemRights.ReadData, AccessControlType.Allow)
Console.WriteLine("Removing access control entry from " & FileName)
' Remove the access control entry from the file.
' Before compiling this snippet, change MyDomain to your
' domain name and MyAccessAccount to the name
' you use to access your domain.
RemoveFileSecurity(FileName, "MyDomain\\MyAccessAccount", FileSystemRights.ReadData, AccessControlType.Allow)
Console.WriteLine("Done.")
Catch e As Exception
Console.WriteLine(e)
End Try
End Sub
' Adds an ACL entry on the specified file for the specified account.
Sub AddFileSecurity(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal ControlType As AccessControlType)
' Create a new FileInfo object.
Dim fInfo As New FileInfo(FileName)
' Get a FileSecurity object that represents the
' current security settings.
Dim fSecurity As FileSecurity = fInfo.GetAccessControl()
' Add the FileSystemAccessRule to the security settings.
fSecurity.AddAccessRule(New FileSystemAccessRule(Account, Rights, ControlType))
' Set the new access settings.
fInfo.SetAccessControl(fSecurity)
End Sub
' Removes an ACL entry on the specified file for the specified account.
Sub RemoveFileSecurity(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal ControlType As AccessControlType)
' Create a new FileInfo object.
Dim fInfo As New FileInfo(FileName)
' Get a FileSecurity object that represents the
' current security settings.
Dim fSecurity As FileSecurity = fInfo.GetAccessControl()
' Add the FileSystemAccessRule to the security settings.
fSecurity.RemoveAccessRule(New FileSystemAccessRule(Account, Rights, ControlType))
' Set the new access settings.
fInfo.SetAccessControl(fSecurity)
End Sub
End Module
'This code produces output similar to the following;
'results may vary based on the computer/file structure/etc.:
'
'Adding access control entry for c:\test.xml
'Removing access control entry from c:\test.xml
'Done.
'
備註
SetAccessControl 方法會將訪問控制清單 (ACL) 專案套用至代表非繼承 ACL 清單的目前檔案。
每當您需要從檔案新增或移除 ACL 專案時,請使用 SetAccessControl 方法。
謹慎
為 fileSecurity 參數指定的 ACL 會取代檔案的現有 ACL。 若要新增新用戶的許可權,請使用 GetAccessControl 方法來取得現有的 ACL、修改它,然後使用 SetAccessControl 將它套用回檔案。
ACL 描述具有或沒有指定檔案上特定動作許可權的個人和群組。 如需詳細資訊,請參閱 如何:新增或移除存取控制清單項目。
SetAccessControl 方法只會保存 FileSecurity 物件建立之後已修改的物件。 如果 FileSecurity 物件尚未修改,則不會保存至檔案。 因此,無法從某個檔案擷取 FileSecurity 物件,並將相同的物件重新套用至另一個檔案。
若要將 ACL 資訊從一個檔案複製到另一個檔案:
使用 GetAccessControl 方法,從來源檔案擷取 FileSecurity 物件。
為目的地檔案建立新的 FileSecurity 物件。
使用來源 FileSecurity 物件的 GetSecurityDescriptorBinaryForm 或 GetSecurityDescriptorSddlForm 方法來擷取 ACL 資訊。
使用 SetSecurityDescriptorBinaryForm 或 SetSecurityDescriptorSddlForm 方法,將步驟 3 中擷取的資訊複製到目的地 FileSecurity 物件。
使用 SetAccessControl 方法,將目的地 FileSecurity 物件設定為目的地檔案。
