Directory.SetAccessControl(String, DirectorySecurity) 方法
定义
重要
一些信息与预发行产品相关,相应产品在发行之前可能会进行重大修改。 对于此处提供的信息,Microsoft 不作任何明示或暗示的担保。
将 DirectorySecurity 对象描述的访问控制列表 (ACL) 项应用于指定的目录。
public:
static void SetAccessControl(System::String ^ path, System::Security::AccessControl::DirectorySecurity ^ directorySecurity);public static void SetAccessControl (string path, System.Security.AccessControl.DirectorySecurity directorySecurity);static member SetAccessControl : string * System.Security.AccessControl.DirectorySecurity -> unitPublic Shared Sub SetAccessControl (path As String, directorySecurity As DirectorySecurity)参数
- path
- String
要从中添加或移除访问控制列表 (ACL) 项的目录。
- directorySecurity
- DirectorySecurity
一个 DirectorySecurity 对象,描述要应用于 path 参数所描述的目录的 ACL 项。
例外
directorySecurity 参数为 null。
找不到该目录。
path 无效。
示例
以下示例使用 GetAccessControl 和 SetAccessControl 方法 (ACL) 项添加访问控制列表,然后从目录中删除 ACL 条目。 你必须提供有效的用户或组帐户以运行此示例。
using namespace System;
using namespace System::IO;
using namespace System::Security::AccessControl;
// Adds an ACL entry on the specified directory for the
// specified account.
void AddDirectorySecurity(String^ directoryName, String^ account,
FileSystemRights rights, AccessControlType controlType)
{
// Create a new DirectoryInfo object.
DirectoryInfo^ dInfo = gcnew DirectoryInfo(directoryName);
// Get a DirectorySecurity object that represents the
// current security settings.
DirectorySecurity^ dSecurity = dInfo->GetAccessControl();
// Add the FileSystemAccessRule to the security settings.
dSecurity->AddAccessRule( gcnew FileSystemAccessRule(account,
rights, controlType));
// Set the new access settings.
dInfo->SetAccessControl(dSecurity);
}
// Removes an ACL entry on the specified directory for the
// specified account.
void RemoveDirectorySecurity(String^ directoryName, String^ account,
FileSystemRights rights, AccessControlType controlType)
{
// Create a new DirectoryInfo object.
DirectoryInfo^ dInfo = gcnew DirectoryInfo(directoryName);
// Get a DirectorySecurity object that represents the
// current security settings.
DirectorySecurity^ dSecurity = dInfo->GetAccessControl();
// Add the FileSystemAccessRule to the security settings.
dSecurity->RemoveAccessRule(gcnew FileSystemAccessRule(account,
rights, controlType));
// Set the new access settings.
dInfo->SetAccessControl(dSecurity);
}
int main()
{
String^ directoryName = "TestDirectory";
String^ accountName = "MYDOMAIN\\MyAccount";
if (!Directory::Exists(directoryName))
{
Console::WriteLine("The directory {0} could not be found.",
directoryName);
return 0;
}
try
{
Console::WriteLine("Adding access control entry for {0}",
directoryName);
// Add the access control entry to the directory.
AddDirectorySecurity(directoryName, accountName,
FileSystemRights::ReadData, AccessControlType::Allow);
Console::WriteLine("Removing access control entry from {0}",
directoryName);
// Remove the access control entry from the directory.
RemoveDirectorySecurity(directoryName, accountName,
FileSystemRights::ReadData, AccessControlType::Allow);
Console::WriteLine("Done.");
}
catch (UnauthorizedAccessException^)
{
Console::WriteLine("You are not authorised to carry" +
" out this procedure.");
}
catch (System::Security::Principal::
IdentityNotMappedException^)
{
Console::WriteLine("The account {0} could not be found.", accountName);
}
}
using System;
using System.IO;
using System.Security.AccessControl;
namespace FileSystemExample
{
class DirectoryExample
{
public static void Main()
{
try
{
string DirectoryName = "TestDirectory";
Console.WriteLine("Adding access control entry for " + DirectoryName);
// Add the access control entry to the directory.
AddDirectorySecurity(DirectoryName, @"MYDOMAIN\MyAccount", FileSystemRights.ReadData, AccessControlType.Allow);
Console.WriteLine("Removing access control entry from " + DirectoryName);
// Remove the access control entry from the directory.
RemoveDirectorySecurity(DirectoryName, @"MYDOMAIN\MyAccount", FileSystemRights.ReadData, AccessControlType.Allow);
Console.WriteLine("Done.");
}
catch (Exception e)
{
Console.WriteLine(e);
}
Console.ReadLine();
}
// Adds an ACL entry on the specified directory for the specified account.
public static void AddDirectorySecurity(string DirectoryName, string Account, FileSystemRights Rights, AccessControlType ControlType)
{
// Create a new DirectoryInfo object.
DirectoryInfo dInfo = new DirectoryInfo(DirectoryName);
// Get a DirectorySecurity object that represents the
// current security settings.
DirectorySecurity dSecurity = dInfo.GetAccessControl();
// Add the FileSystemAccessRule to the security settings.
dSecurity.AddAccessRule(new FileSystemAccessRule(Account,
Rights,
ControlType));
// Set the new access settings.
dInfo.SetAccessControl(dSecurity);
}
// Removes an ACL entry on the specified directory for the specified account.
public static void RemoveDirectorySecurity(string DirectoryName, string Account, FileSystemRights Rights, AccessControlType ControlType)
{
// Create a new DirectoryInfo object.
DirectoryInfo dInfo = new DirectoryInfo(DirectoryName);
// Get a DirectorySecurity object that represents the
// current security settings.
DirectorySecurity dSecurity = dInfo.GetAccessControl();
// Add the FileSystemAccessRule to the security settings.
dSecurity.RemoveAccessRule(new FileSystemAccessRule(Account,
Rights,
ControlType));
// Set the new access settings.
dInfo.SetAccessControl(dSecurity);
}
}
}
open System
open System.IO
open System.Security.AccessControl
// Adds an ACL entry on the specified directory for the specified account.
let addDirectorySecurity fileName (account: string) rights controlType =
// Create a new DirectoryInfo object.
let dInfo = DirectoryInfo fileName
// Get a DirectorySecurity object that represents the
// current security settings.
let dSecurity = dInfo.GetAccessControl()
// Add the FileSystemAccessRule to the security settings.
dSecurity.AddAccessRule(FileSystemAccessRule(account, rights, controlType))
// Set the new access settings.
dInfo.SetAccessControl dSecurity
// Removes an ACL entry on the specified directory for the specified account.
let removeDirectorySecurity fileName (account: string) rights controlType =
// Create a new DirectoryInfo object.
let dInfo = DirectoryInfo fileName
// Get a DirectorySecurity object that represents the
// current security settings.
let dSecurity = dInfo.GetAccessControl()
// Add the FileSystemAccessRule to the security settings.
dSecurity.RemoveAccessRule(FileSystemAccessRule(account, rights, controlType)) |> ignore
// Set the new access settings.
dInfo.SetAccessControl dSecurity
try
let DirectoryName = "TestDirectory"
printfn $"Adding access control entry for {DirectoryName}"
// Add the access control entry to the directory.
addDirectorySecurity DirectoryName @"MYDOMAIN\MyAccount" FileSystemRights.ReadData AccessControlType.Allow
printfn $"Removing access control entry from {DirectoryName}"
// Remove the access control entry from the directory.
removeDirectorySecurity DirectoryName @"MYDOMAIN\MyAccount" FileSystemRights.ReadData AccessControlType.Allow
printfn "Done."
with e ->
printfn $"{e}"
Imports System.IO
Imports System.Security.AccessControl
Module DirectoryExample
Sub Main()
Try
Dim DirectoryName As String = "TestDirectory"
Console.WriteLine("Adding access control entry for " + DirectoryName)
' Add the access control entry to the directory.
AddDirectorySecurity(DirectoryName, "MYDOMAIN\MyAccount", FileSystemRights.ReadData, AccessControlType.Allow)
Console.WriteLine("Removing access control entry from " + DirectoryName)
' Remove the access control entry from the directory.
RemoveDirectorySecurity(DirectoryName, "MYDOMAIN\MyAccount", FileSystemRights.ReadData, AccessControlType.Allow)
Console.WriteLine("Done.")
Catch e As Exception
Console.WriteLine(e)
End Try
Console.ReadLine()
End Sub
' Adds an ACL entry on the specified directory for the specified account.
Sub AddDirectorySecurity(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal ControlType As AccessControlType)
' Create a new DirectoryInfoobject.
Dim dInfo As New DirectoryInfo(FileName)
' Get a DirectorySecurity object that represents the
' current security settings.
Dim dSecurity As DirectorySecurity = dInfo.GetAccessControl()
' Add the FileSystemAccessRule to the security settings.
dSecurity.AddAccessRule(New FileSystemAccessRule(Account, Rights, ControlType))
' Set the new access settings.
dInfo.SetAccessControl(dSecurity)
End Sub
' Removes an ACL entry on the specified directory for the specified account.
Sub RemoveDirectorySecurity(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal ControlType As AccessControlType)
' Create a new DirectoryInfo object.
Dim dInfo As New DirectoryInfo(FileName)
' Get a DirectorySecurity object that represents the
' current security settings.
Dim dSecurity As DirectorySecurity = dInfo.GetAccessControl()
' Add the FileSystemAccessRule to the security settings.
dSecurity.RemoveAccessRule(New FileSystemAccessRule(Account, Rights, ControlType))
' Set the new access settings.
dInfo.SetAccessControl(dSecurity)
End Sub
End Module
注解
方法 SetAccessControl 将访问控制列表 (ACL) 项应用于表示非遗传 ACL 列表的文件。
注意
为 directorySecurity 参数指定的 ACL 将替换目录的现有 ACL。 若要为新用户添加权限,请使用 GetAccessControl 方法获取现有 ACL 并对其进行修改。
ACL 描述对给定文件或目录具有或没有特定操作权限的个人和/或组。 有关详细信息,请参阅如何:添加或删除访问控制列表条目。
方法 SetAccessControl 仅 DirectorySecurity 保留创建对象后已修改的对象。 DirectorySecurity如果对象尚未修改,则不会将其保存到文件中。 因此,无法从一个文件检索对象并将同一 DirectorySecurity 对象重新应用到另一个文件。
将 ACL 信息从一个文件复制到另一个文件:
GetAccessControl使用 方法从源文件中检索 DirectorySecurity 对象。
为目标文件创建新 DirectorySecurity 对象。
GetSecurityDescriptorBinaryForm使用源DirectorySecurity对象的 或 GetSecurityDescriptorSddlForm 方法检索 ACL 信息。
SetSecurityDescriptorBinaryForm使用 或 SetSecurityDescriptorSddlForm 方法将步骤 3 中检索到的信息复制到目标DirectorySecurity对象。
使用 SetAccessControl 方法将目标DirectorySecurity对象设置为目标文件。
在 NTFS 环境中,ReadAttributes如果用户对父文件夹具有ListDirectory权限,则会向用户授予 和 ReadExtendedAttributes 。 若要拒绝 ReadAttributes 和 ReadExtendedAttributes,请在父目录上拒绝 ListDirectory 。
适用于
另请参阅
反馈
即将发布:在整个 2024 年,我们将逐步淘汰作为内容反馈机制的“GitHub 问题”,并将其取代为新的反馈系统。 有关详细信息,请参阅:https://aka.ms/ContentUserFeedback。
提交和查看相关反馈