如何:添加或删除访问控制列表条目(仅限 .NET Framework)How to: Add or remove Access Control List entries (.NET Framework only)

若要向文件或目录添加或从文件或目录删除访问控制列表 (ACL) 条目,请从文件或目录获取 FileSecurityDirectorySecurity 对象。To add or remove Access Control List (ACL) entries to or from a file or directory, get the FileSecurity or DirectorySecurity object from the file or directory. 修改对象,然后将其应用回文件或目录。Modify the object, and then apply it back to the file or directory.

添加或从文件中删除 ACL 条目Add or remove an ACL entry from a file

  1. 调用 File.GetAccessControl 方法以获取 FileSecurity 对象,该对象包含文件的当前 ACL 条目。Call the File.GetAccessControl method to get a FileSecurity object that contains the current ACL entries of a file.

  2. 添加或从步骤 1 返回的 FileSecurity 对象中删除 ACL 条目。Add or remove ACL entries from the FileSecurity object returned from step 1.

  3. FileSecurity 对象传递给 File.SetAccessControl 方法以应用更改。To apply the changes, pass the FileSecurity object to the File.SetAccessControl method.

添加或从目录中删除 ACL 条目Add or remove an ACL entry from a directory

  1. 调用 Directory.GetAccessControl 方法以获取 DirectorySecurity 对象,该对象包含目录的当前 ACL 条目。Call the Directory.GetAccessControl method to get a DirectorySecurity object that contains the current ACL entries of a directory.

  2. 添加或从步骤 1 返回的 DirectorySecurity 对象中删除 ACL 条目。Add or remove ACL entries from the DirectorySecurity object returned from step 1.

  3. DirectorySecurity 对象传递给 Directory.SetAccessControl 方法以应用更改。To apply the changes, pass the DirectorySecurity object to the Directory.SetAccessControl method.

示例Example

你必须使用有效的用户或组帐户以运行此示例。You must use a valid user or group account to run this example. 此示例使用 File 对象。The example uses a File object. FileInfoDirectoryDirectoryInfo 类使用相同的过程。Use the same procedure for the FileInfo, Directory, and DirectoryInfo classes.

using System;
using System.IO;
using System.Security.AccessControl;

namespace FileSystemExample
{
    class FileExample
    {
        public static void Main()
        {
            try
            {
                string fileName = "test.xml";

                Console.WriteLine("Adding access control entry for "
                    + fileName);

                // Add the access control entry to the file.
                AddFileSecurity(fileName, @"DomainName\AccountName",
                    FileSystemRights.ReadData, AccessControlType.Allow);

                Console.WriteLine("Removing access control entry from "
                    + fileName);

                // Remove the access control entry from the file.
                RemoveFileSecurity(fileName, @"DomainName\AccountName",
                    FileSystemRights.ReadData, AccessControlType.Allow);

                Console.WriteLine("Done.");
            }
            catch (Exception e)
            {
                Console.WriteLine(e);
            }
        }

        // Adds an ACL entry on the specified file for the specified account.
        public static void AddFileSecurity(string fileName, string account,
            FileSystemRights rights, AccessControlType controlType)
        {

            // Get a FileSecurity object that represents the
            // current security settings.
            FileSecurity fSecurity = File.GetAccessControl(fileName);

            // Add the FileSystemAccessRule to the security settings.
            fSecurity.AddAccessRule(new FileSystemAccessRule(account,
                rights, controlType));

            // Set the new access settings.
            File.SetAccessControl(fileName, fSecurity);

        }

        // Removes an ACL entry on the specified file for the specified account.
        public static void RemoveFileSecurity(string fileName, string account,
            FileSystemRights rights, AccessControlType controlType)
        {

            // Get a FileSecurity object that represents the
            // current security settings.
            FileSecurity fSecurity = File.GetAccessControl(fileName);

            // Remove the FileSystemAccessRule from the security settings.
            fSecurity.RemoveAccessRule(new FileSystemAccessRule(account,
                rights, controlType));

            // Set the new access settings.
            File.SetAccessControl(fileName, fSecurity);

        }
    }
}
Imports System.IO
Imports System.Security.AccessControl



Module FileExample

    Sub Main()
        Try
            Dim fileName As String = "test.xml"

            Console.WriteLine("Adding access control entry for " & fileName)

            ' Add the access control entry to the file.
            AddFileSecurity(fileName, "DomainName\AccountName", _
                FileSystemRights.ReadData, AccessControlType.Allow)

            Console.WriteLine("Removing access control entry from " & fileName)

            ' Remove the access control entry from the file.
            RemoveFileSecurity(fileName, "DomainName\AccountName", _
                FileSystemRights.ReadData, AccessControlType.Allow)

            Console.WriteLine("Done.")
        Catch e As Exception
            Console.WriteLine(e)
        End Try

    End Sub


    ' Adds an ACL entry on the specified file for the specified account.
    Sub AddFileSecurity(ByVal fileName As String, ByVal account As String, _
        ByVal rights As FileSystemRights, ByVal controlType As AccessControlType)
  
        ' Get a FileSecurity object that represents the 
        ' current security settings.
        Dim fSecurity As FileSecurity = File.GetAccessControl(fileName)

        ' Add the FileSystemAccessRule to the security settings. 
        Dim accessRule As FileSystemAccessRule = _
            New FileSystemAccessRule(account, rights, controlType)

        fSecurity.AddAccessRule(accessRule)

        ' Set the new access settings.
        File.SetAccessControl(fileName, fSecurity)

    End Sub


    ' Removes an ACL entry on the specified file for the specified account.
    Sub RemoveFileSecurity(ByVal fileName As String, ByVal account As String, _
        ByVal rights As FileSystemRights, ByVal controlType As AccessControlType)

        ' Get a FileSecurity object that represents the 
        ' current security settings.
        Dim fSecurity As FileSecurity = File.GetAccessControl(fileName)

        ' Remove the FileSystemAccessRule from the security settings. 
        fSecurity.RemoveAccessRule(New FileSystemAccessRule(account, _
            rights, controlType))

        ' Set the new access settings.
        File.SetAccessControl(fileName, fSecurity)

    End Sub
End Module