DirectoryInfo.SetAccessControl(DirectorySecurity) 메서드

정의

DirectorySecurity 개체에서 설명하는 ACL(액세스 제어 목록) 항목을 현재 DirectoryInfo 개체에서 설명하는 디렉터리에 적용합니다.Applies access control list (ACL) entries described by a DirectorySecurity object to the directory described by the current DirectoryInfo object.

public:
 void SetAccessControl(System::Security::AccessControl::DirectorySecurity ^ directorySecurity);
public void SetAccessControl (System.Security.AccessControl.DirectorySecurity directorySecurity);
member this.SetAccessControl : System.Security.AccessControl.DirectorySecurity -> unit
Public Sub SetAccessControl (directorySecurity As DirectorySecurity)

매개 변수

directorySecurity
DirectorySecurity

path 매개 변수에서 설명하는 디렉터리에 적용할 ACL 항목을 설명하는 개체입니다.An object that describes an ACL entry to apply to the directory described by the path parameter.

예외

directorySecurity 매개 변수는 null입니다.The directorySecurity parameter is null.

파일을 찾을 수 없거나 수정할 수 없습니다.The file could not be found or modified.

현재 프로세스에 파일을 열 수 있는 액세스 권한이 없습니다.The current process does not have access to open the file.

예제

다음 예제에서는 GetAccessControlSetAccessControl 메서드를 사용 하 여 디렉터리에서 ACL (액세스 제어 목록) 항목을 추가 하 고 제거 합니다.The following example uses the GetAccessControl and SetAccessControl methods to add and then remove an access control list (ACL) entry from a directory.

using namespace System;
using namespace System::IO;
using namespace System::Security::AccessControl;

// Adds an ACL entry on the specified directory for the
// specified account.
void AddDirectorySecurity(String^ directoryName, String^ account, 
     FileSystemRights rights, AccessControlType controlType)
{
    // Create a new DirectoryInfo object.
    DirectoryInfo^ dInfo = gcnew DirectoryInfo(directoryName);

    // Get a DirectorySecurity object that represents the
    // current security settings.
    DirectorySecurity^ dSecurity = dInfo->GetAccessControl();

    // Add the FileSystemAccessRule to the security settings.
    dSecurity->AddAccessRule( gcnew FileSystemAccessRule(account,
        rights, controlType));

    // Set the new access settings.
    dInfo->SetAccessControl(dSecurity);
}

// Removes an ACL entry on the specified directory for the
// specified account.
void RemoveDirectorySecurity(String^ directoryName, String^ account,
     FileSystemRights rights, AccessControlType controlType)
{
    // Create a new DirectoryInfo object.
    DirectoryInfo^ dInfo = gcnew DirectoryInfo(directoryName);

    // Get a DirectorySecurity object that represents the
    // current security settings.
    DirectorySecurity^ dSecurity = dInfo->GetAccessControl();

    // Add the FileSystemAccessRule to the security settings.
    dSecurity->RemoveAccessRule(gcnew FileSystemAccessRule(account,
        rights, controlType));

    // Set the new access settings.
    dInfo->SetAccessControl(dSecurity);
}    

int main()
{
    String^ directoryName = "TestDirectory";
    String^ accountName = "MYDOMAIN\\MyAccount";
    if (!Directory::Exists(directoryName))
    {
        Console::WriteLine("The directory {0} could not be found.", 
            directoryName);
        return 0;
    }
    try
    {
        Console::WriteLine("Adding access control entry for {0}",
            directoryName);

        // Add the access control entry to the directory.
        AddDirectorySecurity(directoryName, accountName,
            FileSystemRights::ReadData, AccessControlType::Allow);

        Console::WriteLine("Removing access control entry from {0}",
            directoryName);

        // Remove the access control entry from the directory.
        RemoveDirectorySecurity(directoryName, accountName, 
            FileSystemRights::ReadData, AccessControlType::Allow);

        Console::WriteLine("Done.");
    }
    catch (UnauthorizedAccessException^)
    {
        Console::WriteLine("You are not authorised to carry" +
            " out this procedure.");
    }
    catch (System::Security::Principal::
        IdentityNotMappedException^)
    {
        Console::WriteLine("The account {0} could not be found.", accountName);
    }
}

using System;
using System.IO;
using System.Security.AccessControl;

namespace FileSystemExample
{
    class DirectoryExample
    {
        public static void Main()
        {
            try
            {
                string DirectoryName = "TestDirectory";

                Console.WriteLine("Adding access control entry for " + DirectoryName);

                // Add the access control entry to the directory.
                AddDirectorySecurity(DirectoryName, @"MYDOMAIN\MyAccount", FileSystemRights.ReadData, AccessControlType.Allow);

                Console.WriteLine("Removing access control entry from " + DirectoryName);

                // Remove the access control entry from the directory.
                RemoveDirectorySecurity(DirectoryName, @"MYDOMAIN\MyAccount", FileSystemRights.ReadData, AccessControlType.Allow);

                Console.WriteLine("Done.");
            }
            catch (Exception e)
            {
                Console.WriteLine(e);
            }

            Console.ReadLine();
        }

        // Adds an ACL entry on the specified directory for the specified account.
        public static void AddDirectorySecurity(string FileName, string Account, FileSystemRights Rights, AccessControlType ControlType)
        {
            // Create a new DirectoryInfo object.
            DirectoryInfo dInfo = new DirectoryInfo(FileName);

            // Get a DirectorySecurity object that represents the
            // current security settings.
            DirectorySecurity dSecurity = dInfo.GetAccessControl();

            // Add the FileSystemAccessRule to the security settings.
            dSecurity.AddAccessRule(new FileSystemAccessRule(Account,
                                                            Rights,
                                                            ControlType));

            // Set the new access settings.
            dInfo.SetAccessControl(dSecurity);
        }

        // Removes an ACL entry on the specified directory for the specified account.
        public static void RemoveDirectorySecurity(string FileName, string Account, FileSystemRights Rights, AccessControlType ControlType)
        {
            // Create a new DirectoryInfo object.
            DirectoryInfo dInfo = new DirectoryInfo(FileName);

            // Get a DirectorySecurity object that represents the
            // current security settings.
            DirectorySecurity dSecurity = dInfo.GetAccessControl();

            // Add the FileSystemAccessRule to the security settings.
            dSecurity.RemoveAccessRule(new FileSystemAccessRule(Account,
                                                            Rights,
                                                            ControlType));

            // Set the new access settings.
            dInfo.SetAccessControl(dSecurity);
        }
    }
}

Imports System.IO
Imports System.Security.AccessControl



Module DirectoryExample

    Sub Main()
        Try
            Dim DirectoryName As String = "TestDirectory"

            Console.WriteLine("Adding access control entry for " + DirectoryName)

            ' Add the access control entry to the directory.
            AddDirectorySecurity(DirectoryName, "MYDOMAIN\MyAccount", FileSystemRights.ReadData, AccessControlType.Allow)

            Console.WriteLine("Removing access control entry from " + DirectoryName)

            ' Remove the access control entry from the directory.
            RemoveDirectorySecurity(DirectoryName, "MYDOMAIN\MyAccount", FileSystemRights.ReadData, AccessControlType.Allow)

            Console.WriteLine("Done.")
        Catch e As Exception
            Console.WriteLine(e)
        End Try

        Console.ReadLine()

    End Sub


    ' Adds an ACL entry on the specified directory for the specified account.
    Sub AddDirectorySecurity(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal ControlType As AccessControlType)
        ' Create a new DirectoryInfoobject.
        Dim dInfo As New DirectoryInfo(FileName)

        ' Get a DirectorySecurity object that represents the 
        ' current security settings.
        Dim dSecurity As DirectorySecurity = dInfo.GetAccessControl()

        ' Add the FileSystemAccessRule to the security settings. 
        dSecurity.AddAccessRule(New FileSystemAccessRule(Account, Rights, ControlType))

        ' Set the new access settings.
        dInfo.SetAccessControl(dSecurity)

    End Sub


    ' Removes an ACL entry on the specified directory for the specified account.
    Sub RemoveDirectorySecurity(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal ControlType As AccessControlType)
        ' Create a new DirectoryInfo object.
        Dim dInfo As New DirectoryInfo(FileName)

        ' Get a DirectorySecurity object that represents the 
        ' current security settings.
        Dim dSecurity As DirectorySecurity = dInfo.GetAccessControl()

        ' Add the FileSystemAccessRule to the security settings. 
        dSecurity.RemoveAccessRule(New FileSystemAccessRule(Account, Rights, ControlType))

        ' Set the new access settings.
        dInfo.SetAccessControl(dSecurity)

    End Sub
End Module

설명

액세스 제어 목록 (ACL)을 개인 및/또는 있거나 없는, 특정된 파일이 나 디렉터리에 대 한 특정 작업에 대 한 권한이 있는 사용자 그룹에 설명 합니다.An access control list (ACL) describes individuals and/or groups who have, or do not have, rights to specific actions on the given file or directory. 자세한 내용은 방법: Access Control 목록 항목 추가 또는 제거를 참조하세요.For more information, see How to: Add or Remove Access Control List Entries.

SetAccessControl 메서드는 ACL 항목을 noninherited ACL 목록을 나타내는 파일에 적용 합니다.The SetAccessControl method applies ACL entries to a file that represents the noninherited ACL list.

주의

directorySecurity에 대해 지정 된 ACL은 디렉터리의 기존 ACL을 대체 합니다.The ACL specified for directorySecurity replaces the existing ACL for the directory. 새 사용자에 대 한 사용 권한을 추가 하려면 GetAccessControl 메서드를 사용 하 여 기존 ACL을 가져온 다음 수정 합니다.To add permissions for a new user, use the GetAccessControl method to obtain the existing ACL, and modify it.

SetAccessControl 메서드는 개체를 만든 후 수정 된 개체만 유지 DirectorySecurity 합니다.The SetAccessControl method persists only DirectorySecurity objects that have been modified after object creation. DirectorySecurity 개체가 수정 되지 않은 경우 파일에 저장 되지 않습니다.If a DirectorySecurity object has not been modified, it will not be persisted to a file. 따라서 한 파일에서 DirectorySecurity 개체를 검색 하 고 다른 파일에 동일한 개체를 다시 적용할 수 없습니다.Therefore, it is not possible to retrieve a DirectorySecurity object from one file and reapply the same object to another file.

ACL 정보 파일에서 다른 위치로 복사할:To copy ACL information from one file to another:

  1. GetAccessControl 메서드를 사용 하 여 소스 파일에서 DirectorySecurity 개체를 검색 합니다.Use the GetAccessControl method to retrieve the DirectorySecurity object from the source file.

  2. 대상 파일에 대 한 새 DirectorySecurity 개체를 만듭니다.Create a new DirectorySecurity object for the destination file.

  3. 원본 DirectorySecurity 개체의 GetSecurityDescriptorBinaryForm 또는 GetSecurityDescriptorSddlForm 메서드를 사용 하 여 ACL 정보를 검색 합니다.Use the GetSecurityDescriptorBinaryForm or GetSecurityDescriptorSddlForm method of the source DirectorySecurity object to retrieve the ACL information.

  4. SetSecurityDescriptorBinaryForm 또는 SetSecurityDescriptorSddlForm 메서드를 사용 하 여 3 단계에서 검색 한 정보를 대상 DirectorySecurity 개체에 복사 합니다.Use the SetSecurityDescriptorBinaryForm or SetSecurityDescriptorSddlForm method to copy the information retrieved in step 3 to the destination DirectorySecurity object.

  5. SetAccessControl 메서드를 사용 하 여 대상 DirectorySecurity 개체를 대상 파일로 설정 합니다.Set the destination DirectorySecurity object to the destination file using the SetAccessControl method.

적용 대상