Directory.SetAccessControl(String, DirectorySecurity) Directory.SetAccessControl(String, DirectorySecurity) Directory.SetAccessControl(String, DirectorySecurity) Method

定義

DirectorySecurity 物件描述的存取控制清單 (ACL) 項目套用至指定的目錄。Applies access control list (ACL) entries described by a DirectorySecurity object to the specified directory.

public:
 static void SetAccessControl(System::String ^ path, System::Security::AccessControl::DirectorySecurity ^ directorySecurity);
public static void SetAccessControl (string path, System.Security.AccessControl.DirectorySecurity directorySecurity);
static member SetAccessControl : string * System.Security.AccessControl.DirectorySecurity -> unit

參數

path
String String String

要加入或從中移除存取控制清單 (ACL) 項目的目錄。A directory to add or remove access control list (ACL) entries from.

directorySecurity
DirectorySecurity DirectorySecurity DirectorySecurity

DirectorySecurity 物件,描述要套用至 path 參數所描述之目錄的 ACL 項目。A DirectorySecurity object that describes an ACL entry to apply to the directory described by the path parameter.

例外狀況

directorySecurity 參數為 nullThe directorySecurity parameter is null.

找不到此目錄。The directory could not be found.

path 無效。The path was invalid.

目前的處理序無法存取 path 所指定的目錄。The current process does not have access to the directory specified by path.

-或--or- 目前的處理序沒有足夠的權限可設定 ACL 項目。The current process does not have sufficient privilege to set the ACL entry.

目前的作業系統不是 Windows 2000 或更新版本。The current operating system is not Windows 2000 or later.

範例

下列範例會使用GetAccessControl SetAccessControl和方法來新增存取控制清單 (ACL) 專案, 然後從目錄中移除 ACL 專案。The following example uses the GetAccessControl and the SetAccessControl methods to add an access control list (ACL) entry and then remove an ACL entry from a directory. 您必須提供有效的使用者或群組帳戶,才能執行這個範例。You must supply a valid user or group account to run this example.

using namespace System;
using namespace System::IO;
using namespace System::Security::AccessControl;

// Adds an ACL entry on the specified directory for the
// specified account.
void AddDirectorySecurity(String^ directoryName, String^ account, 
     FileSystemRights rights, AccessControlType controlType)
{
    // Create a new DirectoryInfo object.
    DirectoryInfo^ dInfo = gcnew DirectoryInfo(directoryName);

    // Get a DirectorySecurity object that represents the
    // current security settings.
    DirectorySecurity^ dSecurity = dInfo->GetAccessControl();

    // Add the FileSystemAccessRule to the security settings.
    dSecurity->AddAccessRule( gcnew FileSystemAccessRule(account,
        rights, controlType));

    // Set the new access settings.
    dInfo->SetAccessControl(dSecurity);
}

// Removes an ACL entry on the specified directory for the
// specified account.
void RemoveDirectorySecurity(String^ directoryName, String^ account,
     FileSystemRights rights, AccessControlType controlType)
{
    // Create a new DirectoryInfo object.
    DirectoryInfo^ dInfo = gcnew DirectoryInfo(directoryName);

    // Get a DirectorySecurity object that represents the
    // current security settings.
    DirectorySecurity^ dSecurity = dInfo->GetAccessControl();

    // Add the FileSystemAccessRule to the security settings.
    dSecurity->RemoveAccessRule(gcnew FileSystemAccessRule(account,
        rights, controlType));

    // Set the new access settings.
    dInfo->SetAccessControl(dSecurity);
}    

int main()
{
    String^ directoryName = "TestDirectory";
    String^ accountName = "MYDOMAIN\\MyAccount";
    if (!Directory::Exists(directoryName))
    {
        Console::WriteLine("The directory {0} could not be found.", 
            directoryName);
        return 0;
    }
    try
    {
        Console::WriteLine("Adding access control entry for {0}",
            directoryName);

        // Add the access control entry to the directory.
        AddDirectorySecurity(directoryName, accountName,
            FileSystemRights::ReadData, AccessControlType::Allow);

        Console::WriteLine("Removing access control entry from {0}",
            directoryName);

        // Remove the access control entry from the directory.
        RemoveDirectorySecurity(directoryName, accountName, 
            FileSystemRights::ReadData, AccessControlType::Allow);

        Console::WriteLine("Done.");
    }
    catch (UnauthorizedAccessException^)
    {
        Console::WriteLine("You are not authorised to carry" +
            " out this procedure.");
    }
    catch (System::Security::Principal::
        IdentityNotMappedException^)
    {
        Console::WriteLine("The account {0} could not be found.", accountName);
    }
}

using System;
using System.IO;
using System.Security.AccessControl;

namespace FileSystemExample
{
    class DirectoryExample
    {
        public static void Main()
        {
            try
            {
                string DirectoryName = "TestDirectory";

                Console.WriteLine("Adding access control entry for " + DirectoryName);

                // Add the access control entry to the directory.
                AddDirectorySecurity(DirectoryName, @"MYDOMAIN\MyAccount", FileSystemRights.ReadData, AccessControlType.Allow);

                Console.WriteLine("Removing access control entry from " + DirectoryName);

                // Remove the access control entry from the directory.
                RemoveDirectorySecurity(DirectoryName, @"MYDOMAIN\MyAccount", FileSystemRights.ReadData, AccessControlType.Allow);

                Console.WriteLine("Done.");
            }
            catch (Exception e)
            {
                Console.WriteLine(e);
            }

            Console.ReadLine();
        }

        // Adds an ACL entry on the specified directory for the specified account.
        public static void AddDirectorySecurity(string FileName, string Account, FileSystemRights Rights, AccessControlType ControlType)
        {
            // Create a new DirectoryInfo object.
            DirectoryInfo dInfo = new DirectoryInfo(FileName);

            // Get a DirectorySecurity object that represents the 
            // current security settings.
            DirectorySecurity dSecurity = dInfo.GetAccessControl();

            // Add the FileSystemAccessRule to the security settings. 
            dSecurity.AddAccessRule(new FileSystemAccessRule(Account,
                                                            Rights,
                                                            ControlType));

            // Set the new access settings.
            dInfo.SetAccessControl(dSecurity);

        }

        // Removes an ACL entry on the specified directory for the specified account.
        public static void RemoveDirectorySecurity(string FileName, string Account, FileSystemRights Rights, AccessControlType ControlType)
        {
            // Create a new DirectoryInfo object.
            DirectoryInfo dInfo = new DirectoryInfo(FileName);

            // Get a DirectorySecurity object that represents the 
            // current security settings.
            DirectorySecurity dSecurity = dInfo.GetAccessControl();

            // Add the FileSystemAccessRule to the security settings. 
            dSecurity.RemoveAccessRule(new FileSystemAccessRule(Account,
                                                            Rights,
                                                            ControlType));

            // Set the new access settings.
            dInfo.SetAccessControl(dSecurity);

        }
    }
}

Imports System.IO
Imports System.Security.AccessControl



Module DirectoryExample

    Sub Main()
        Try
            Dim DirectoryName As String = "TestDirectory"

            Console.WriteLine("Adding access control entry for " + DirectoryName)

            ' Add the access control entry to the directory.
            AddDirectorySecurity(DirectoryName, "MYDOMAIN\MyAccount", FileSystemRights.ReadData, AccessControlType.Allow)

            Console.WriteLine("Removing access control entry from " + DirectoryName)

            ' Remove the access control entry from the directory.
            RemoveDirectorySecurity(DirectoryName, "MYDOMAIN\MyAccount", FileSystemRights.ReadData, AccessControlType.Allow)

            Console.WriteLine("Done.")
        Catch e As Exception
            Console.WriteLine(e)
        End Try

        Console.ReadLine()

    End Sub


    ' Adds an ACL entry on the specified directory for the specified account.
    Sub AddDirectorySecurity(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal ControlType As AccessControlType)
        ' Create a new DirectoryInfoobject.
        Dim dInfo As New DirectoryInfo(FileName)

        ' Get a DirectorySecurity object that represents the 
        ' current security settings.
        Dim dSecurity As DirectorySecurity = dInfo.GetAccessControl()

        ' Add the FileSystemAccessRule to the security settings. 
        dSecurity.AddAccessRule(New FileSystemAccessRule(Account, Rights, ControlType))

        ' Set the new access settings.
        dInfo.SetAccessControl(dSecurity)

    End Sub


    ' Removes an ACL entry on the specified directory for the specified account.
    Sub RemoveDirectorySecurity(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal ControlType As AccessControlType)
        ' Create a new DirectoryInfo object.
        Dim dInfo As New DirectoryInfo(FileName)

        ' Get a DirectorySecurity object that represents the 
        ' current security settings.
        Dim dSecurity As DirectorySecurity = dInfo.GetAccessControl()

        ' Add the FileSystemAccessRule to the security settings. 
        dSecurity.RemoveAccessRule(New FileSystemAccessRule(Account, Rights, ControlType))

        ' Set the new access settings.
        dInfo.SetAccessControl(dSecurity)

    End Sub
End Module

備註

SetAccessControl方法會將存取控制清單 (ACL) 專案套用至代表 noninherited ACL 清單的檔案。The SetAccessControl method applies access control list (ACL) entries to a file that represents the noninherited ACL list.

警告

directorySecurity參數指定的 acl 會取代目錄的現有 acl。The ACL specified for the directorySecurity parameter replaces the existing ACL for the directory. 若要加入新使用者的許可權, 請使用GetAccessControl方法來取得現有的 ACL 並加以修改。To add permissions for a new user, use the GetAccessControl method to obtain the existing ACL and modify it.

ACL 會描述在指定檔案或目錄上, 擁有或不具有特定動作之許可權的個人和/或群組。An ACL describes individuals and/or groups who have, or do not have, rights to specific actions on the given file or directory. 如需詳細資訊,請參閱如何:新增或移除存取控制清單項目For more information, see How to: Add or Remove Access Control List Entries.

SetAccessControl方法只DirectorySecurity會保存在物件建立之後修改過的物件。The SetAccessControl method persists only DirectorySecurity objects that have been modified after object creation. DirectorySecurity如果物件尚未修改, 則不會保存至檔案。If a DirectorySecurity object has not been modified, it will not be persisted to a file. 因此, 您無法DirectorySecurity從某個檔案抓取物件, 並將相同的物件重新套用至另一個檔案。Therefore, it is not possible to retrieve a DirectorySecurity object from one file and reapply the same object to another file.

若要將 ACL 資訊從一個檔案複製到另一個檔案:To copy ACL information from one file to another:

  1. 使用方法, 從原始檔DirectorySecurity中取出物件。 GetAccessControlUse the GetAccessControl method to retrieve the DirectorySecurity object from the source file.

  2. 為目的地檔案DirectorySecurity建立新的物件。Create a new DirectorySecurity object for the destination file.

  3. 使用來源GetSecurityDescriptorBinaryForm GetSecurityDescriptorSddlForm物件的或方法來抓取ACL資訊。DirectorySecurityUse the GetSecurityDescriptorBinaryForm or GetSecurityDescriptorSddlForm method of the source DirectorySecurity object to retrieve the ACL information.

  4. SetSecurityDescriptorBinaryForm使用或SetSecurityDescriptorSddlForm方法, 將在步驟3中取得的資訊複製到目的地DirectorySecurity物件。Use the SetSecurityDescriptorBinaryForm or SetSecurityDescriptorSddlForm method to copy the information retrieved in step 3 to the destination DirectorySecurity object.

  5. 使用方法, DirectorySecurity將目的地物件設定為目的地檔案。 SetAccessControlSet the destination DirectorySecurity object to the destination file using the SetAccessControl method.

在 NTFS 環境中ReadAttributes , ReadExtendedAttributes如果使用者擁有ListDirectory父資料夾的許可權, 則會將和授與使用者。In NTFS environments, ReadAttributes and ReadExtendedAttributes are granted to the user if the user has ListDirectory rights on the parent folder. 若要ReadAttributes拒絕ReadExtendedAttributes和, ListDirectory請在上層目錄上拒絕。To deny ReadAttributes and ReadExtendedAttributes, deny ListDirectory on the parent directory.

安全性

FileIOPermission
用於列舉目錄存取控制清單 (ACL) 的許可權。for permission to enumerate access control list (ACL) for a directory. 相關聯的NoAccess列舉:、ViewAssociated enumerations: NoAccess , View 安全性動作:需.Security action: Demand.

適用於

另請參閱