
FileSystemSecurity Class

Represents the access control and audit security for a file or directory.

Namespace:  System.Security.AccessControl
Assembly:  mscorlib (in mscorlib.dll)
public abstract class FileSystemSecurity : NativeObjectSecurity

The FileSystemSecurity type exposes the following members.

  Name Description
Public property AccessRightType Gets the enumeration that the FileSystemSecurity class uses to represent access rights. (Overrides ObjectSecurity.AccessRightType.)
Protected property AccessRulesModified Gets or sets a Boolean value that specifies whether the access rules associated with this ObjectSecurity object have been modified. (Inherited from ObjectSecurity.)
Public property AccessRuleType Gets the enumeration that the FileSystemSecurity class uses to represent access rules. (Overrides ObjectSecurity.AccessRuleType.)
Public property AreAccessRulesCanonical Gets a Boolean value that specifies whether the access rules associated with this ObjectSecurity object are in canonical order. (Inherited from ObjectSecurity.)
Public property AreAccessRulesProtected Gets a Boolean value that specifies whether the Discretionary Access Control List (DACL) associated with this ObjectSecurity object is protected. (Inherited from ObjectSecurity.)
Public property AreAuditRulesCanonical Gets a Boolean value that specifies whether the audit rules associated with this ObjectSecurity object are in canonical order. (Inherited from ObjectSecurity.)
Public property AreAuditRulesProtected Gets a Boolean value that specifies whether the System Access Control List (SACL) associated with this ObjectSecurity object is protected. (Inherited from ObjectSecurity.)
Protected property AuditRulesModified Gets or sets a Boolean value that specifies whether the audit rules associated with this ObjectSecurity object have been modified. (Inherited from ObjectSecurity.)
Public property AuditRuleType Gets the type that the FileSystemSecurity class uses to represent audit rules. (Overrides ObjectSecurity.AuditRuleType.)
Protected property GroupModified Gets or sets a Boolean value that specifies whether the group associated with the securable object has been modified. (Inherited from ObjectSecurity.)
Protected property IsContainer Gets a Boolean value that specifies whether this ObjectSecurity object is a container object. (Inherited from ObjectSecurity.)
Protected property IsDS Gets a Boolean value that specifies whether this ObjectSecurity object is a directory object. (Inherited from ObjectSecurity.)
Protected property OwnerModified Gets or sets a Boolean value that specifies whether the owner of the securable object has been modified. (Inherited from ObjectSecurity.)
  Name Description
Public method AccessRuleFactory Initializes a new instance of the FileSystemAccessRule class that represents a new access control rule for the specified user, with the specified access rights, access control, and flags. (Overrides ObjectSecurity.AccessRuleFactory(IdentityReference, Int32, Boolean, InheritanceFlags, PropagationFlags, AccessControlType).)
Protected method AddAccessRule(AccessRule) Adds the specified access rule to the Discretionary Access Control List (DACL) associated with this CommonObjectSecurity object. (Inherited from CommonObjectSecurity.)
Public method AddAccessRule(FileSystemAccessRule) Adds the specified access control list (ACL) permission to the current file or directory.
Protected method AddAuditRule(AuditRule) Adds the specified audit rule to the System Access Control List (SACL) associated with this CommonObjectSecurity object. (Inherited from CommonObjectSecurity.)
Public method AddAuditRule(FileSystemAuditRule) Adds the specified audit rule to the current file or directory.
Public method AuditRuleFactory Initializes a new instance of the FileSystemAuditRule class representing the specified audit rule for the specified user. (Overrides ObjectSecurity.AuditRuleFactory(IdentityReference, Int32, Boolean, InheritanceFlags, PropagationFlags, AuditFlags).)
Public method Equals(Object) Determines whether the specified Object is equal to the current Object. (Inherited from Object.)
Protected method Finalize Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)
Public method GetAccessRules Gets a collection of the access rules associated with the specified security identifier. (Inherited from CommonObjectSecurity.)
Public method GetAuditRules Gets a collection of the audit rules associated with the specified security identifier. (Inherited from CommonObjectSecurity.)
Public method GetGroup Gets the primary group associated with the specified owner. (Inherited from ObjectSecurity.)
Public method GetHashCode Serves as a hash function for a particular type. (Inherited from Object.)
Public method GetOwner Gets the owner associated with the specified primary group. (Inherited from ObjectSecurity.)
Public method GetSecurityDescriptorBinaryForm Returns an array of byte values that represents the security descriptor information for this ObjectSecurity object. (Inherited from ObjectSecurity.)
Public method GetSecurityDescriptorSddlForm Returns the Security Descriptor Definition Language (SDDL) representation of the specified sections of the security descriptor associated with this ObjectSecurity object. (Inherited from ObjectSecurity.)
Public method GetType Gets the Type of the current instance. (Inherited from Object.)
Protected method MemberwiseClone Creates a shallow copy of the current Object. (Inherited from Object.)
Protected method ModifyAccess Applies the specified modification to the Discretionary Access Control List (DACL) associated with this CommonObjectSecurity object. (Inherited from CommonObjectSecurity.)
Public method ModifyAccessRule Applies the specified modification to the Discretionary Access Control List (DACL) associated with this ObjectSecurity object. (Inherited from ObjectSecurity.)
Protected method ModifyAudit Applies the specified modification to the System Access Control List (SACL) associated with this CommonObjectSecurity object. (Inherited from CommonObjectSecurity.)
Public method ModifyAuditRule Applies the specified modification to the System Access Control List (SACL) associated with this ObjectSecurity object. (Inherited from ObjectSecurity.)
Protected method Persist(SafeHandle, AccessControlSections) Saves the specified sections of the security descriptor associated with this NativeObjectSecurity object to permanent storage. We recommend that the values of the includeSections parameters passed to the constructor and persist methods be identical. For more information, see Remarks. (Inherited from NativeObjectSecurity.)
Protected method Persist(String, AccessControlSections) Saves the specified sections of the security descriptor associated with this NativeObjectSecurity object to permanent storage. We recommend that the values of the includeSections parameters passed to the constructor and persist methods be identical. For more information, see Remarks. (Inherited from NativeObjectSecurity.)
Protected method Persist(Boolean, String, AccessControlSections) Saves the specified sections of the security descriptor associated with this ObjectSecurity object to permanent storage. We recommend that the values of the includeSections parameters passed to the constructor and persist methods be identical. For more information, see Remarks. (Inherited from ObjectSecurity.)
Protected method Persist(SafeHandle, AccessControlSections, Object) Saves the specified sections of the security descriptor associated with this NativeObjectSecurity object to permanent storage. We recommend that the values of the includeSections parameters passed to the constructor and persist methods be identical. For more information, see Remarks. (Inherited from NativeObjectSecurity.)
Protected method Persist(String, AccessControlSections, Object) Saves the specified sections of the security descriptor associated with this NativeObjectSecurity object to permanent storage. We recommend that the values of the includeSections parameters passed to the constructor and persist methods be identical. For more information, see Remarks. (Inherited from NativeObjectSecurity.)
Public method PurgeAccessRules Removes all access rules associated with the specified IdentityReference. (Inherited from ObjectSecurity.)
Public method PurgeAuditRules Removes all audit rules associated with the specified IdentityReference. (Inherited from ObjectSecurity.)
Protected method ReadLock Locks this ObjectSecurity object for read access. (Inherited from ObjectSecurity.)
Protected method ReadUnlock Unlocks this ObjectSecurity object for read access. (Inherited from ObjectSecurity.)
Protected method RemoveAccessRule(AccessRule) Removes access rules that contain the same security identifier and access mask as the specified access rule from the Discretionary Access Control List (DACL) associated with this CommonObjectSecurity object. (Inherited from CommonObjectSecurity.)
Public method RemoveAccessRule(FileSystemAccessRule) Removes all matching allow or deny access control list (ACL) permissions from the current file or directory.
Protected method RemoveAccessRuleAll(AccessRule) Removes all access rules that have the same security identifier as the specified access rule from the Discretionary Access Control List (DACL) associated with this CommonObjectSecurity object. (Inherited from CommonObjectSecurity.)
Public method RemoveAccessRuleAll(FileSystemAccessRule) Removes all access control list (ACL) permissions for the specified user from the current file or directory.
Protected method RemoveAccessRuleSpecific(AccessRule) Removes all access rules that exactly match the specified access rule from the Discretionary Access Control List (DACL) associated with this CommonObjectSecurity object. (Inherited from CommonObjectSecurity.)
Public method RemoveAccessRuleSpecific(FileSystemAccessRule) Removes a single matching allow or deny access control list (ACL) permission from the current file or directory.
Protected method RemoveAuditRule(AuditRule) Removes audit rules that contain the same security identifier and access mask as the specified audit rule from the System Access Control List (SACL) associated with this CommonObjectSecurity object. (Inherited from CommonObjectSecurity.)
Public method RemoveAuditRule(FileSystemAuditRule) Removes all matching allow or deny audit rules from the current file or directory.
Protected method RemoveAuditRuleAll(AuditRule) Removes all audit rules that have the same security identifier as the specified audit rule from the System Access Control List (SACL) associated with this CommonObjectSecurity object. (Inherited from CommonObjectSecurity.)
Public method RemoveAuditRuleAll(FileSystemAuditRule) Removes all audit rules for the specified user from the current file or directory.
Protected method RemoveAuditRuleSpecific(AuditRule) Removes all audit rules that exactly match the specified audit rule from the System Access Control List (SACL) associated with this CommonObjectSecurity object. (Inherited from CommonObjectSecurity.)
Public method RemoveAuditRuleSpecific(FileSystemAuditRule) Removes a single matching allow or deny audit rule from the current file or directory.
Protected method ResetAccessRule(AccessRule) Removes all access rules in the Discretionary Access Control List (DACL) associated with this CommonObjectSecurity object and then adds the specified access rule. (Inherited from CommonObjectSecurity.)
Public method ResetAccessRule(FileSystemAccessRule) Adds the specified access control list (ACL) permission to the current file or directory and removes all matching ACL permissions.
Protected method SetAccessRule(AccessRule) Removes all access rules that contain the same security identifier and qualifier as the specified access rule in the Discretionary Access Control List (DACL) associated with this CommonObjectSecurity object and then adds the specified access rule. (Inherited from CommonObjectSecurity.)
Public method SetAccessRule(FileSystemAccessRule) Sets the specified access control list (ACL) permission for the current file or directory.
Public method SetAccessRuleProtection Sets or removes protection of the access rules associated with this ObjectSecurity object. Protected access rules cannot be modified by parent objects through inheritance. (Inherited from ObjectSecurity.)
Protected method SetAuditRule(AuditRule) Removes all audit rules that contain the same security identifier and qualifier as the specified audit rule in the System Access Control List (SACL) associated with this CommonObjectSecurity object and then adds the specified audit rule. (Inherited from CommonObjectSecurity.)
Public method SetAuditRule(FileSystemAuditRule) Sets the specified audit rule for the current file or directory.
Public method SetAuditRuleProtection Sets or removes protection of the audit rules associated with this ObjectSecurity object. Protected audit rules cannot be modified by parent objects through inheritance. (Inherited from ObjectSecurity.)
Public method SetGroup Sets the primary group for the security descriptor associated with this ObjectSecurity object. (Inherited from ObjectSecurity.)
Public method SetOwner Sets the owner for the security descriptor associated with this ObjectSecurity object. (Inherited from ObjectSecurity.)
Public method SetSecurityDescriptorBinaryForm(Byte[]) Sets the security descriptor for this ObjectSecurity object from the specified array of byte values. (Inherited from ObjectSecurity.)
Public method SetSecurityDescriptorBinaryForm(Byte[], AccessControlSections) Sets the specified sections of the security descriptor for this ObjectSecurity object from the specified array of byte values. (Inherited from ObjectSecurity.)
Public method SetSecurityDescriptorSddlForm(String) Sets the security descriptor for this ObjectSecurity object from the specified Security Descriptor Definition Language (SDDL) string. (Inherited from ObjectSecurity.)
Public method SetSecurityDescriptorSddlForm(String, AccessControlSections) Sets the specified sections of the security descriptor for this ObjectSecurity object from the specified Security Descriptor Definition Language (SDDL) string. (Inherited from ObjectSecurity.)
Public method ToString Returns a string that represents the current object. (Inherited from Object.)
Protected method WriteLock Locks this ObjectSecurity object for write access. (Inherited from ObjectSecurity.)
Protected method WriteUnlock Unlocks this ObjectSecurity object for write access. (Inherited from ObjectSecurity.)

The FileSystemSecurity class is the base class for the FileSecurity and DirectorySecurity classes. These classes represent all of the access rights for a system file or directory and define how access attempts are audited.

The FileSystemSecurity class represents access and audit rights as a set of rules. Each access rule is represented by a FileSystemAccessRule object, while each audit rule is represented by a FileSystemAuditRule object.

The FileSystemSecurity class is an abstraction of the underlying Microsoft Windows file security system. In this system, each file or directory has a discretionary access control list (DACL), which controls access to the file or directory, and a system access control list (SACL), which specifies the access control attempts that are audited. The FileSystemAccessRule and FileSystemAuditRule classes are abstractions of access control entries (ACEs) that comprise DACLs and SACLs.

The FileSystemSecurity class hides many of the details of DACLs and SACLs; you do not have to worry about ACE ordering or null DACLs.

To persist new or changed access control list (ACL) information to a file, use the File.SetAccessControl or FileInfo.SetAccessControl method. To persist new or changed ACL information to a directory, use the Directory.SetAccessControl or DirectoryInfo.SetAccessControl method.

To retrieve ACL information from a file, use the File.GetAccessControl or FileInfo.GetAccessControl method. To retrieve ACL information from a directory, use the Directory.GetAccessControl or DirectoryInfo.GetAccessControl method.

The following code example uses the FileSecurity class to add and then remove an access control list (ACL) entry from a file. You must supply a valid user or group account to run this example.


using System;
using System.IO;
using System.Security.AccessControl;

namespace FileSystemExample
{
    class FileExample
    {
        public static void Main()
        {
            try
            {
                string fileName = "test.xml";

                Console.WriteLine("Adding access control entry for "
                    + fileName);

                // Add the access control entry to the file.
                AddFileSecurity(fileName, @"DomainName\AccountName",
                    FileSystemRights.ReadData, AccessControlType.Allow);

                Console.WriteLine("Removing access control entry from "
                    + fileName);

                // Remove the access control entry from the file.
                RemoveFileSecurity(fileName, @"DomainName\AccountName",
                    FileSystemRights.ReadData, AccessControlType.Allow);

                Console.WriteLine("Done.");
            }
            catch (Exception e)
            {
                Console.WriteLine(e);
            }
        }

        // Adds an ACL entry on the specified file for the specified account.
        public static void AddFileSecurity(string fileName, string account,
            FileSystemRights rights, AccessControlType controlType)
        {


            // Get a FileSecurity object that represents the
            // current security settings.
            FileSecurity fSecurity = File.GetAccessControl(fileName);

            // Add the FileSystemAccessRule to the security settings.
            fSecurity.AddAccessRule(new FileSystemAccessRule(account,
                rights, controlType));

            // Set the new access settings.
            File.SetAccessControl(fileName, fSecurity);

        }

        // Removes an ACL entry on the specified file for the specified account.
        public static void RemoveFileSecurity(string fileName, string account,
            FileSystemRights rights, AccessControlType controlType)
        {

            // Get a FileSecurity object that represents the
            // current security settings.
            FileSecurity fSecurity = File.GetAccessControl(fileName);

            // Remove the FileSystemAccessRule from the security settings.
            fSecurity.RemoveAccessRule(new FileSystemAccessRule(account,
                rights, controlType));

            // Set the new access settings.
            File.SetAccessControl(fileName, fSecurity);

        }
    }
}
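
A read-only companion to the example above, added here and not part of the original documentation: it enumerates the DACL of a file or directory through GetAccessRules and reports allow rules that give write-like rights to Everyone, Authenticated Users or BUILTIN\Users. The class name DaclAudit, the FindBroadWriteRules helper, and the choice of which rights and groups count as risky are assumptions of this example.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

namespace FileSystemExample
{
    // Added example (hypothetical names): reviews a DACL without changing it.
    class DaclAudit
    {
        // Rights that let a principal alter content, the DACL or the owner.
        const FileSystemRights WriteLike =
            FileSystemRights.WriteData | FileSystemRights.AppendData |
            FileSystemRights.Delete | FileSystemRights.ChangePermissions |
            FileSystemRights.TakeOwnership;

        // Raw GENERIC_WRITE | GENERIC_ALL bits; they can show up unmapped,
        // mostly on inherit-only ACEs of directories.
        const int GenericWriteOrAll = 0x40000000 | 0x10000000;

        // Broad groups checked here: Everyone, Authenticated Users, BUILTIN\Users.
        static readonly WellKnownSidType[] BroadGroups =
        {
            WellKnownSidType.WorldSid,
            WellKnownSidType.AuthenticatedUserSid,
            WellKnownSidType.BuiltinUsersSid
        };

        public static List<string> FindBroadWriteRules(FileSystemSecurity security)
        {
            var findings = new List<string>();
            // Ask for SIDs so that no account-name lookup is required.
            foreach (FileSystemAccessRule rule in
                     security.GetAccessRules(true, true, typeof(SecurityIdentifier)))
            {
                if (rule.AccessControlType != AccessControlType.Allow) continue;
                bool writes = (rule.FileSystemRights & WriteLike) != 0
                    || ((int)rule.FileSystemRights & GenericWriteOrAll) != 0;
                if (!writes) continue;
                var sid = (SecurityIdentifier)rule.IdentityReference;
                foreach (WellKnownSidType broad in BroadGroups)
                    if (sid.IsWellKnown(broad))
                        findings.Add(broad + " (" + sid.Value + "): " + rule.FileSystemRights
                            + (rule.IsInherited ? " [inherited]" : " [explicit]"));
            }
            return findings;
        }

        public static void Main(string[] args)
        {
            string path = args.Length > 0 ? args[0] : "test.xml";
            FileSystemSecurity security = Directory.Exists(path)
                ? (FileSystemSecurity)Directory.GetAccessControl(path)
                : File.GetAccessControl(path);
            Console.WriteLine("Inheritance blocked: " + security.AreAccessRulesProtected);
            Console.WriteLine("Canonical order:     " + security.AreAccessRulesCanonical);
            Console.WriteLine("DACL (SDDL): "
                + security.GetSecurityDescriptorSddlForm(AccessControlSections.Access));
            foreach (string finding in FindBroadWriteRules(security))
                Console.WriteLine("FINDING: " + finding);
        }
    }
}
```

An inherited finding has to be corrected on the parent directory, or the object's DACL protected with SetAccessRuleProtection; removing the rule on the object itself only affects explicit entries.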


.NET Framework

Supported in: 4, 3.5, 3.0, 2.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.