Home Library Learn Downloads Support Community
Sign in | United States - English | |
0 out of 1 rated this helpful - Rate this topic

FileSystemAccessRule Class

.NET Framework 4

Represents an abstraction of an access control entry (ACE) that defines an access rule for a file or directory. This class cannot be inherited.

System.Object
  System.Security.AccessControl.AuthorizationRule
    System.Security.AccessControl.AccessRule
      System.Security.AccessControl.FileSystemAccessRule

Namespace:  System.Security.AccessControl
Assembly:  mscorlib (in mscorlib.dll)
C#
C++
F#
VB
Copy 
public sealed class FileSystemAccessRule : AccessRule

The FileSystemAccessRule type exposes the following members.

  Name Description
Public method FileSystemAccessRule(IdentityReference, FileSystemRights, AccessControlType) Initializes a new instance of the FileSystemAccessRule class using a reference to a user account, a value that specifies the type of operation associated with the access rule, and a value that specifies whether to allow or deny the operation.
Public method FileSystemAccessRule(String, FileSystemRights, AccessControlType) Initializes a new instance of the FileSystemAccessRule class using the name of a user account, a value that specifies the type of operation associated with the access rule, and a value that describes whether to allow or deny the operation.
Public method FileSystemAccessRule(IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags, AccessControlType) Initializes a new instance of the FileSystemAccessRule class using a reference to a user account, a value that specifies the type of operation associated with the access rule, a value that determines how rights are inherited, a value that determines how rights are propagated, and a value that specifies whether to allow or deny the operation.
Public method FileSystemAccessRule(String, FileSystemRights, InheritanceFlags, PropagationFlags, AccessControlType) Initializes a new instance of the FileSystemAccessRule class using the name of a user account, a value that specifies the type of operation associated with the access rule, a value that determines how rights are inherited, a value that determines how rights are propagated, and a value that specifies whether to allow or deny the operation.
Top
  Name Description
Public property AccessControlType Gets the AccessControlType value associated with this AccessRule object. (Inherited from AccessRule.)
Protected property AccessMask Gets the access mask for this rule. (Inherited from AuthorizationRule.)
Public property FileSystemRights Gets the FileSystemRights flags associated with the current FileSystemAccessRule object.
Public property IdentityReference Gets the IdentityReference to which this rule applies. (Inherited from AuthorizationRule.)
Public property InheritanceFlags Gets the value of flags that determine how this rule is inherited by child objects. (Inherited from AuthorizationRule.)
Public property IsInherited Gets a value indicating whether this rule is explicitly set or is inherited from a parent container object. (Inherited from AuthorizationRule.)
Public property PropagationFlags Gets the value of the propagation flags, which determine how inheritance of this rule is propagated to child objects. This property is significant only when the value of the InheritanceFlags enumeration is not None. (Inherited from AuthorizationRule.)
Top
  Name Description
Public method Equals(Object) Determines whether the specified Object is equal to the current Object. (Inherited from Object.)
Protected method Finalize Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)
Public method GetHashCode Serves as a hash function for a particular type. (Inherited from Object.)
Public method GetType Gets the Type of the current instance. (Inherited from Object.)
Protected method MemberwiseClone Creates a shallow copy of the current Object. (Inherited from Object.)
Public method ToString Returns a string that represents the current object. (Inherited from Object.)
Top

The FileSystemAccessRule class represents an abstraction of an underlying access control entry (ACE) that specifies a user account, the type of access to provide (read, write, and so on), and whether to allow or deny that right. This class can also specify how access rules are propagated to child objects.

Use the FileSystemAccessRule class to create a new access rule. You can persist the rule using the FileSecurity or DirectorySecurity class.

The following code example uses the FileSecurity class to add and then remove an access control entry (ACE) from a file. You must supply a valid user or group account to run this example.

C#
C++
VB
Copy 

using System;
using System.IO;
using System.Security.AccessControl;

namespace FileSystemExample
{
    class FileExample
    {
        public static void Main()
        {
            try
            {
                string fileName = "test.xml";

                Console.WriteLine("Adding access control entry for "
                    + fileName);

                // Add the access control entry to the file.
                AddFileSecurity(fileName, @"DomainName\AccountName",
                    FileSystemRights.ReadData, AccessControlType.Allow);

                Console.WriteLine("Removing access control entry from "
                    + fileName);

                // Remove the access control entry from the file.
                RemoveFileSecurity(fileName, @"DomainName\AccountName",
                    FileSystemRights.ReadData, AccessControlType.Allow);

                Console.WriteLine("Done.");
            }
            catch (Exception e)
            {
                Console.WriteLine(e);
            }
        }

        // Adds an ACL entry on the specified file for the specified account.
        public static void AddFileSecurity(string fileName, string account,
            FileSystemRights rights, AccessControlType controlType)
        {


            // Get a FileSecurity object that represents the
            // current security settings.
            FileSecurity fSecurity = File.GetAccessControl(fileName);

            // Add the FileSystemAccessRule to the security settings.
            fSecurity.AddAccessRule(new FileSystemAccessRule(account,
                rights, controlType));

            // Set the new access settings.
            File.SetAccessControl(fileName, fSecurity);

        }

        // Removes an ACL entry on the specified file for the specified account.
        public static void RemoveFileSecurity(string fileName, string account,
            FileSystemRights rights, AccessControlType controlType)
        {

            // Get a FileSecurity object that represents the
            // current security settings.
            FileSecurity fSecurity = File.GetAccessControl(fileName);

            // Remove the FileSystemAccessRule from the security settings.
            fSecurity.RemoveAccessRule(new FileSystemAccessRule(account,
                rights, controlType));

            // Set the new access settings.
            File.SetAccessControl(fileName, fSecurity);

        }
    }
}

.NET Framework

Supported in: 4, 3.5, 3.0, 2.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
Did you find this helpful?
(1500 characters remaining)
Community Content Add
Annotations FAQ