File.SetAccessControl(String, FileSecurity) 方法
定义
将 FileSecurity 对象描述的访问控制列表 (ACL) 项应用于指定的文件。Applies access control list (ACL) entries described by a FileSecurity object to the specified file.
public:
static void SetAccessControl(System::String ^ path, System::Security::AccessControl::FileSecurity ^ fileSecurity);
public static void SetAccessControl (string path, System.Security.AccessControl.FileSecurity fileSecurity);
static member SetAccessControl : string * System.Security.AccessControl.FileSecurity -> unit
Public Shared Sub SetAccessControl (path As String, fileSecurity As FileSecurity)
参数
- path
- String
从其中添加或移除访问控制列表 (ACL) 项的文件。A file to add or remove access control list (ACL) entries from.
- fileSecurity
- FileSecurity
一个 FileSecurity 对象,描述要应用于 path 参数所描述的文件的 ACL 项。A FileSecurity object that describes an ACL entry to apply to the file described by the path parameter.
例外
打开文件时发生 I/O 错误。An I/O error occurred while opening the file.
path 参数为 null。The path parameter is null.
找不到文件。The file could not be found.
path 参数指定了一个只读文件。The path parameter specified a file that is read-only.
- 或 --or- 当前平台不支持此操作。This operation is not supported on the current platform.
- 或 --or-
path 参数指定了一个目录。The path parameter specified a directory.
- 或 --or- 调用方没有所要求的权限。The caller does not have the required permission.
fileSecurity 参数为 null。The fileSecurity parameter is null.
示例
下面的代码示例使用 GetAccessControl 和 SetAccessControl 方法,从文件添加并删除访问控制列表 (ACL) 条目。The following code example uses the GetAccessControl and SetAccessControl methods to add and then remove an access control list (ACL) entry from a file. 你必须提供有效的用户或组帐户以运行此示例。You must supply a valid user or group account to run this example.
using namespace System;
using namespace System::IO;
using namespace System::Security::AccessControl;
// Adds an ACL entry on the specified file for the specified account.
void AddFileSecurity(String^ fileName, String^ account,
FileSystemRights rights, AccessControlType controlType)
{
// Get a FileSecurity object that represents the
// current security settings.
FileSecurity^ fSecurity = File::GetAccessControl(fileName);
// Add the FileSystemAccessRule to the security settings.
fSecurity->AddAccessRule(gcnew FileSystemAccessRule
(account,rights, controlType));
// Set the new access settings.
File::SetAccessControl(fileName, fSecurity);
}
// Removes an ACL entry on the specified file for the specified account.
void RemoveFileSecurity(String^ fileName, String^ account,
FileSystemRights rights, AccessControlType controlType)
{
// Get a FileSecurity object that represents the
// current security settings.
FileSecurity^ fSecurity = File::GetAccessControl(fileName);
// Remove the FileSystemAccessRule from the security settings.
fSecurity->RemoveAccessRule(gcnew FileSystemAccessRule
(account,rights, controlType));
// Set the new access settings.
File::SetAccessControl(fileName, fSecurity);
}
int main()
{
try
{
String^ fileName = "test.xml";
Console::WriteLine("Adding access control entry for " + fileName);
// Add the access control entry to the file.
AddFileSecurity(fileName, "MYDOMAIN\\MyAccount",
FileSystemRights::ReadData, AccessControlType::Allow);
Console::WriteLine("Removing access control entry from " + fileName);
// Remove the access control entry from the file.
RemoveFileSecurity(fileName, "MYDOMAIN\\MyAccount",
FileSystemRights::ReadData, AccessControlType::Allow);
Console::WriteLine("Done.");
}
catch (Exception^ ex)
{
Console::WriteLine(ex->Message);
}
}
using System;
using System.IO;
using System.Security.AccessControl;
namespace FileSystemExample
{
class FileExample
{
public static void Main()
{
try
{
string fileName = "test.xml";
Console.WriteLine("Adding access control entry for "
+ fileName);
// Add the access control entry to the file.
AddFileSecurity(fileName, @"DomainName\AccountName",
FileSystemRights.ReadData, AccessControlType.Allow);
Console.WriteLine("Removing access control entry from "
+ fileName);
// Remove the access control entry from the file.
RemoveFileSecurity(fileName, @"DomainName\AccountName",
FileSystemRights.ReadData, AccessControlType.Allow);
Console.WriteLine("Done.");
}
catch (Exception e)
{
Console.WriteLine(e);
}
}
// Adds an ACL entry on the specified file for the specified account.
public static void AddFileSecurity(string fileName, string account,
FileSystemRights rights, AccessControlType controlType)
{
// Get a FileSecurity object that represents the
// current security settings.
FileSecurity fSecurity = File.GetAccessControl(fileName);
// Add the FileSystemAccessRule to the security settings.
fSecurity.AddAccessRule(new FileSystemAccessRule(account,
rights, controlType));
// Set the new access settings.
File.SetAccessControl(fileName, fSecurity);
}
// Removes an ACL entry on the specified file for the specified account.
public static void RemoveFileSecurity(string fileName, string account,
FileSystemRights rights, AccessControlType controlType)
{
// Get a FileSecurity object that represents the
// current security settings.
FileSecurity fSecurity = File.GetAccessControl(fileName);
// Remove the FileSystemAccessRule from the security settings.
fSecurity.RemoveAccessRule(new FileSystemAccessRule(account,
rights, controlType));
// Set the new access settings.
File.SetAccessControl(fileName, fSecurity);
}
}
}
Imports System.IO
Imports System.Security.AccessControl
Module FileExample
Sub Main()
Try
Dim fileName As String = "test.xml"
Console.WriteLine("Adding access control entry for " & fileName)
' Add the access control entry to the file.
AddFileSecurity(fileName, "DomainName\AccountName", _
FileSystemRights.ReadData, AccessControlType.Allow)
Console.WriteLine("Removing access control entry from " & fileName)
' Remove the access control entry from the file.
RemoveFileSecurity(fileName, "DomainName\AccountName", _
FileSystemRights.ReadData, AccessControlType.Allow)
Console.WriteLine("Done.")
Catch e As Exception
Console.WriteLine(e)
End Try
End Sub
' Adds an ACL entry on the specified file for the specified account.
Sub AddFileSecurity(ByVal fileName As String, ByVal account As String, _
ByVal rights As FileSystemRights, ByVal controlType As AccessControlType)
' Get a FileSecurity object that represents the
' current security settings.
Dim fSecurity As FileSecurity = File.GetAccessControl(fileName)
' Add the FileSystemAccessRule to the security settings.
Dim accessRule As FileSystemAccessRule = _
New FileSystemAccessRule(account, rights, controlType)
fSecurity.AddAccessRule(accessRule)
' Set the new access settings.
File.SetAccessControl(fileName, fSecurity)
End Sub
' Removes an ACL entry on the specified file for the specified account.
Sub RemoveFileSecurity(ByVal fileName As String, ByVal account As String, _
ByVal rights As FileSystemRights, ByVal controlType As AccessControlType)
' Get a FileSecurity object that represents the
' current security settings.
Dim fSecurity As FileSecurity = File.GetAccessControl(fileName)
' Remove the FileSystemAccessRule from the security settings.
fSecurity.RemoveAccessRule(New FileSystemAccessRule(account, _
rights, controlType))
' Set the new access settings.
File.SetAccessControl(fileName, fSecurity)
End Sub
End Module
注解
此 SetAccessControl 方法将访问控制列表 (ACL) 条目应用到表示 NONINHERITED ACL 列表的文件中。The SetAccessControl method applies access control list (ACL) entries to a file that represents the noninherited ACL list.
注意
为该参数指定的 ACL 将 fileSecurity 替换该文件的现有 acl。The ACL specified for the fileSecurity parameter replaces the existing ACL for the file. 若要为新用户添加权限,请使用 GetAccessControl 方法获取现有 ACL,对其进行修改,然后使用将 SetAccessControl 其应用回文件。To add permissions for a new user, use the GetAccessControl method to obtain the existing ACL, modify it, and then use SetAccessControl to apply it back to the file.
ACL 描述对给定文件具有或没有特定操作权限的个人和/或组。An ACL describes individuals and/or groups who have, or do not have, rights to specific actions on the given file. 有关详细信息,请参阅如何:添加或删除访问控制列表条目。For more information, see How to: Add or Remove Access Control List Entries.
SetAccessControl方法仅保留 FileSecurity 在对象创建后修改的对象。The SetAccessControl method persists only FileSecurity objects that have been modified after object creation. 如果尚未 FileSecurity 修改对象,则不会将其保存到文件中。If a FileSecurity object has not been modified, it will not be persisted to a file. 因此,无法 FileSecurity 从一个文件中检索对象,并将相同的对象重新应用到另一个文件。Therefore, it is not possible to retrieve a FileSecurity object from one file and reapply the same object to another file.
若要将 ACL 信息从一个文件复制到另一个文件:To copy ACL information from one file to another:
使用 GetAccessControl 方法可以 FileSecurity 从源文件中检索对象。Use the GetAccessControl method to retrieve the FileSecurity object from the source file.
为目标文件创建一个新的 FileSecurity 对象。Create a new FileSecurity object for the destination file.
使用 GetSecurityDescriptorBinaryForm GetSecurityDescriptorSddlForm 源对象的或方法 FileSecurity 来检索 ACL 信息。Use the GetSecurityDescriptorBinaryForm or GetSecurityDescriptorSddlForm method of the source FileSecurity object to retrieve the ACL information.
使用 SetSecurityDescriptorBinaryForm 或 SetSecurityDescriptorSddlForm 方法将在步骤3中检索到的信息复制到目标 FileSecurity 对象。Use the SetSecurityDescriptorBinaryForm or SetSecurityDescriptorSddlForm method to copy the information retrieved in step 3 to the destination FileSecurity object.
FileSecurity使用方法将目标对象设置为目标文件 SetAccessControl 。Set the destination FileSecurity object to the destination file using the SetAccessControl method.
在 NTFS 环境中 ReadAttributes , ReadExtendedAttributes 如果用户对父文件夹具有权限,则将和授予给用户 ListDirectory 。In NTFS environments, ReadAttributes and ReadExtendedAttributes are granted to the user if the user has ListDirectory rights on the parent folder. 拒绝 ReadAttributes 和 ReadExtendedAttributes ,拒绝 ListDirectory 父目录。To deny ReadAttributes and ReadExtendedAttributes, deny ListDirectory on the parent directory.