DirectoryInfo::GetAccessControl Method ()
Gets a DirectorySecurity object that encapsulates the access control list (ACL) entries for the directory described by the current DirectoryInfo object.
Assembly: mscorlib (in mscorlib.dll)
Return Value
Type: System.Security.AccessControl::DirectorySecurity^A DirectorySecurity object that encapsulates the access control rules for the directory.
| Exception | Condition |
|---|---|
| SystemException | The directory could not be found or modified. |
| UnauthorizedAccessException | The current process does not have access to open the directory. |
| IOException | An I/O error occurred while opening the directory. |
| PlatformNotSupportedException | The current operating system is not Microsoft Windows 2000 or later. |
| UnauthorizedAccessException | The directory is read-only. -or- This operation is not supported on the current platform. -or- The caller does not have the required permission. |
Calling this method overload is equivalent to calling the GetAccessControl method overload and specifying the access control sections AccessControlSections::Access | AccessControlSections::Owner | AccessControlSections::Group (AccessControlSections::AccessOrAccessControlSections::OwnerOrAccessControlSections::Group in Visual Basic).
Use the GetAccessControl method to retrieve the access control list (ACL) entries for the current file.
An ACL describes individuals and/or groups who have, or do not have, rights to specific actions on the given file or directory. For more information, see How to: Add or Remove Access Control List Entries.
The following example uses the GetAccessControl and SetAccessControl methods to add and then remove an access control list (ACL) entry from a directory.
using namespace System; using namespace System::IO; using namespace System::Security::AccessControl; // Adds an ACL entry on the specified directory for the // specified account. void AddDirectorySecurity(String^ directoryName, String^ account, FileSystemRights rights, AccessControlType controlType) { // Create a new DirectoryInfo object. DirectoryInfo^ dInfo = gcnew DirectoryInfo(directoryName); // Get a DirectorySecurity object that represents the // current security settings. DirectorySecurity^ dSecurity = dInfo->GetAccessControl(); // Add the FileSystemAccessRule to the security settings. dSecurity->AddAccessRule( gcnew FileSystemAccessRule(account, rights, controlType)); // Set the new access settings. dInfo->SetAccessControl(dSecurity); } // Removes an ACL entry on the specified directory for the // specified account. void RemoveDirectorySecurity(String^ directoryName, String^ account, FileSystemRights rights, AccessControlType controlType) { // Create a new DirectoryInfo object. DirectoryInfo^ dInfo = gcnew DirectoryInfo(directoryName); // Get a DirectorySecurity object that represents the // current security settings. DirectorySecurity^ dSecurity = dInfo->GetAccessControl(); // Add the FileSystemAccessRule to the security settings. dSecurity->RemoveAccessRule(gcnew FileSystemAccessRule(account, rights, controlType)); // Set the new access settings. dInfo->SetAccessControl(dSecurity); } int main() { String^ directoryName = "TestDirectory"; String^ accountName = "MYDOMAIN\\MyAccount"; if (!Directory::Exists(directoryName)) { Console::WriteLine("The directory {0} could not be found.", directoryName); return 0; } try { Console::WriteLine("Adding access control entry for {0}", directoryName); // Add the access control entry to the directory. AddDirectorySecurity(directoryName, accountName, FileSystemRights::ReadData, AccessControlType::Allow); Console::WriteLine("Removing access control entry from {0}", directoryName); // Remove the access control entry from the directory. RemoveDirectorySecurity(directoryName, accountName, FileSystemRights::ReadData, AccessControlType::Allow); Console::WriteLine("Done."); } catch (UnauthorizedAccessException^) { Console::WriteLine("You are not authorised to carry" + " out this procedure."); } catch (System::Security::Principal:: IdentityNotMappedException^) { Console::WriteLine("The account {0} could not be found.", accountName); } }
for permission to enumerate an access control list (ACL) for a directory. Security action: Demand. Associated enumerations: FileIOPermissionAccess::NoAccess, AccessControlActions::View
Available since 2.0