MessageQueue.SetPermissions Method (AccessControlList)


The .NET API Reference documentation has a new home. Visit the .NET API Browser on to see the new experience.

Assigns access rights to the queue based on the contents of an access control list.

Namespace:   System.Messaging
Assembly:  System.Messaging (in System.Messaging.dll)

public void SetPermissions(
	AccessControlList dacl


Type: System.Messaging.AccessControlList

A AccessControlList that contains one or more access control entries that specify the trustees and the permissions to grant.

Exception Condition

An error occurred when accessing a Message Queuing method.

Use this overload to grant, deny, or revoke rights by using a collection of access control entries to specify trustee and permissions information. This is used, for example, to grant permissions to multiple users at the same time.

The trustee you specify when you construct the ace parameter can be an individual user, a group of users, or a computer. If the trustee is an individual, use the format DOMAIN\user. You can specify "." for the trustee to indicate the local computer.

The permissions you assign through SetPermissions add rights to the existing list. By default, the creator of a public or private queue has full control, and the domain group Everyone has permission to get queue properties, get permissions, and write to the queue. When you call SetPermissions, the user and permissions information is appended to the bottom of the existing list.

The system examines each AccessControlEntry in sequence until one of the following events occurs:

  • An access-denied AccessControlEntry explicitly denies any of the requested access rights to one of the trustees listed in the thread's access token.

  • One or more access-allowed AccessControlEntry items for trustees listed in the thread's access token explicitly grant all the requested access rights.

  • All AccessControlEntry items have been checked and there is still at least one requested access right that has not been explicitly allowed, in which case, access is implicitly denied.

When you construct the dacl parameter, you add AccessControlEntry instances to your AccessControlList collection. When you construct each access control entry, you can specify generic or standard access rights. The rights to a queue can be any combination of the following:

  • Delete

  • Read Security

  • Write Security

  • Synchronize

  • Modify Owner

  • Read

  • Write

  • Execute

  • Required

  • All

  • None

These rights are a set of bit flags that you can combine using the OR bitwise operator.

  • Full Control

  • Delete Message

  • Receive Message

  • Peek Message

  • Receive Journal Message

  • Get Queue Properties

  • Set Queue Properties

  • Get Permissions

  • Set Permissions

  • Take Queue Ownership

  • Write Message

The following table shows whether this method is available in various Workgroup modes.

Workgroup mode


Local computer


Local computer and direct format name


Remote computer


Remote computer and direct format name


       // Connect to a queue on the local computer.
       MessageQueue queue = new MessageQueue(".\\exampleQueue");

       // Create an AccessControlList.
       AccessControlList list = new AccessControlList();

       // Create a new trustee to represent the "Everyone" user group.
       Trustee tr = new Trustee("Everyone");

       // Create an AccessControlEntry, granting the trustee read access to
       // the queue.
       AccessControlEntry entry = new AccessControlEntry(
           tr, GenericAccessRights.Read,

       // Add the AccessControlEntry to the AccessControlList.

       // Apply the AccessControlList to the queue.

.NET Framework
Available since 1.1
Return to top