DirectoryInfo.GetAccessControl 方法

定義

取得目前目錄的存取控制清單 (ACL) 項目。Gets the access control list (ACL) entries for the current directory.

多載

GetAccessControl()

取得 DirectorySecurity 物件,該物件會封裝目前 DirectoryInfo 物件所描述的目錄之存取控制清單 (ACL) 項目。Gets a DirectorySecurity object that encapsulates the access control list (ACL) entries for the directory described by the current DirectoryInfo object.

GetAccessControl(AccessControlSections)

取得 DirectorySecurity 物件,該物件會封裝目前 DirectoryInfo 物件所描述的目錄之指定類型的存取控制清單 (ACL) 項目。Gets a DirectorySecurity object that encapsulates the specified type of access control list (ACL) entries for the directory described by the current DirectoryInfo object.

備註

使用 GetAccessControl 方法來抓取目前檔案的存取控制清單(ACL)專案。Use GetAccessControl methods to retrieve the access control list (ACL) entries for the current file.

如需詳細資訊,請參閱如何:新增或移除存取控制清單項目For more information, see How to: Add or Remove Access Control List Entries.

GetAccessControl()

取得 DirectorySecurity 物件,該物件會封裝目前 DirectoryInfo 物件所描述的目錄之存取控制清單 (ACL) 項目。Gets a DirectorySecurity object that encapsulates the access control list (ACL) entries for the directory described by the current DirectoryInfo object.

public:
 System::Security::AccessControl::DirectorySecurity ^ GetAccessControl();
public System.Security.AccessControl.DirectorySecurity GetAccessControl ();
member this.GetAccessControl : unit -> System.Security.AccessControl.DirectorySecurity
Public Function GetAccessControl () As DirectorySecurity

傳回

DirectorySecurity 物件,封裝目錄的存取控制規則。A DirectorySecurity object that encapsulates the access control rules for the directory.

例外狀況

找不到目錄或無法修改目錄。The directory could not be found or modified.

目錄是唯讀的。The directory is read-only.

-或--or-

這個作業在目前平台不受支援。This operation is not supported on the current platform.

-或--or-

呼叫端沒有必要的權限。The caller does not have the required permission.

開啟目錄時發生 I/O 錯誤。An I/O error occurred while opening the directory.

範例

下列範例會使用 GetAccessControlSetAccessControl 方法來新增和移除目錄中的存取控制清單(ACL)專案。The following example uses the GetAccessControl and SetAccessControl methods to add and then remove an access control list (ACL) entry from a directory.

using namespace System;
using namespace System::IO;
using namespace System::Security::AccessControl;

// Adds an ACL entry on the specified directory for the
// specified account.
void AddDirectorySecurity(String^ directoryName, String^ account, 
     FileSystemRights rights, AccessControlType controlType)
{
    // Create a new DirectoryInfo object.
    DirectoryInfo^ dInfo = gcnew DirectoryInfo(directoryName);

    // Get a DirectorySecurity object that represents the
    // current security settings.
    DirectorySecurity^ dSecurity = dInfo->GetAccessControl();

    // Add the FileSystemAccessRule to the security settings.
    dSecurity->AddAccessRule( gcnew FileSystemAccessRule(account,
        rights, controlType));

    // Set the new access settings.
    dInfo->SetAccessControl(dSecurity);
}

// Removes an ACL entry on the specified directory for the
// specified account.
void RemoveDirectorySecurity(String^ directoryName, String^ account,
     FileSystemRights rights, AccessControlType controlType)
{
    // Create a new DirectoryInfo object.
    DirectoryInfo^ dInfo = gcnew DirectoryInfo(directoryName);

    // Get a DirectorySecurity object that represents the
    // current security settings.
    DirectorySecurity^ dSecurity = dInfo->GetAccessControl();

    // Add the FileSystemAccessRule to the security settings.
    dSecurity->RemoveAccessRule(gcnew FileSystemAccessRule(account,
        rights, controlType));

    // Set the new access settings.
    dInfo->SetAccessControl(dSecurity);
}    

int main()
{
    String^ directoryName = "TestDirectory";
    String^ accountName = "MYDOMAIN\\MyAccount";
    if (!Directory::Exists(directoryName))
    {
        Console::WriteLine("The directory {0} could not be found.", 
            directoryName);
        return 0;
    }
    try
    {
        Console::WriteLine("Adding access control entry for {0}",
            directoryName);

        // Add the access control entry to the directory.
        AddDirectorySecurity(directoryName, accountName,
            FileSystemRights::ReadData, AccessControlType::Allow);

        Console::WriteLine("Removing access control entry from {0}",
            directoryName);

        // Remove the access control entry from the directory.
        RemoveDirectorySecurity(directoryName, accountName, 
            FileSystemRights::ReadData, AccessControlType::Allow);

        Console::WriteLine("Done.");
    }
    catch (UnauthorizedAccessException^)
    {
        Console::WriteLine("You are not authorised to carry" +
            " out this procedure.");
    }
    catch (System::Security::Principal::
        IdentityNotMappedException^)
    {
        Console::WriteLine("The account {0} could not be found.", accountName);
    }
}

using System;
using System.IO;
using System.Security.AccessControl;

namespace FileSystemExample
{
    class DirectoryExample
    {
        public static void Main()
        {
            try
            {
                string DirectoryName = "TestDirectory";

                Console.WriteLine("Adding access control entry for " + DirectoryName);

                // Add the access control entry to the directory.
                AddDirectorySecurity(DirectoryName, @"MYDOMAIN\MyAccount", FileSystemRights.ReadData, AccessControlType.Allow);

                Console.WriteLine("Removing access control entry from " + DirectoryName);

                // Remove the access control entry from the directory.
                RemoveDirectorySecurity(DirectoryName, @"MYDOMAIN\MyAccount", FileSystemRights.ReadData, AccessControlType.Allow);

                Console.WriteLine("Done.");
            }
            catch (Exception e)
            {
                Console.WriteLine(e);
            }

            Console.ReadLine();
        }

        // Adds an ACL entry on the specified directory for the specified account.
        public static void AddDirectorySecurity(string FileName, string Account, FileSystemRights Rights, AccessControlType ControlType)
        {
            // Create a new DirectoryInfo object.
            DirectoryInfo dInfo = new DirectoryInfo(FileName);

            // Get a DirectorySecurity object that represents the 
            // current security settings.
            DirectorySecurity dSecurity = dInfo.GetAccessControl();

            // Add the FileSystemAccessRule to the security settings. 
            dSecurity.AddAccessRule(new FileSystemAccessRule(Account,
                                                            Rights,
                                                            ControlType));

            // Set the new access settings.
            dInfo.SetAccessControl(dSecurity);
        }

        // Removes an ACL entry on the specified directory for the specified account.
        public static void RemoveDirectorySecurity(string FileName, string Account, FileSystemRights Rights, AccessControlType ControlType)
        {
            // Create a new DirectoryInfo object.
            DirectoryInfo dInfo = new DirectoryInfo(FileName);

            // Get a DirectorySecurity object that represents the 
            // current security settings.
            DirectorySecurity dSecurity = dInfo.GetAccessControl();

            // Add the FileSystemAccessRule to the security settings. 
            dSecurity.RemoveAccessRule(new FileSystemAccessRule(Account,
                                                            Rights,
                                                            ControlType));

            // Set the new access settings.
            dInfo.SetAccessControl(dSecurity);
        }
    }
}

Imports System.IO
Imports System.Security.AccessControl



Module DirectoryExample

    Sub Main()
        Try
            Dim DirectoryName As String = "TestDirectory"

            Console.WriteLine("Adding access control entry for " + DirectoryName)

            ' Add the access control entry to the directory.
            AddDirectorySecurity(DirectoryName, "MYDOMAIN\MyAccount", FileSystemRights.ReadData, AccessControlType.Allow)

            Console.WriteLine("Removing access control entry from " + DirectoryName)

            ' Remove the access control entry from the directory.
            RemoveDirectorySecurity(DirectoryName, "MYDOMAIN\MyAccount", FileSystemRights.ReadData, AccessControlType.Allow)

            Console.WriteLine("Done.")
        Catch e As Exception
            Console.WriteLine(e)
        End Try

        Console.ReadLine()

    End Sub


    ' Adds an ACL entry on the specified directory for the specified account.
    Sub AddDirectorySecurity(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal ControlType As AccessControlType)
        ' Create a new DirectoryInfoobject.
        Dim dInfo As New DirectoryInfo(FileName)

        ' Get a DirectorySecurity object that represents the 
        ' current security settings.
        Dim dSecurity As DirectorySecurity = dInfo.GetAccessControl()

        ' Add the FileSystemAccessRule to the security settings. 
        dSecurity.AddAccessRule(New FileSystemAccessRule(Account, Rights, ControlType))

        ' Set the new access settings.
        dInfo.SetAccessControl(dSecurity)

    End Sub


    ' Removes an ACL entry on the specified directory for the specified account.
    Sub RemoveDirectorySecurity(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal ControlType As AccessControlType)
        ' Create a new DirectoryInfo object.
        Dim dInfo As New DirectoryInfo(FileName)

        ' Get a DirectorySecurity object that represents the 
        ' current security settings.
        Dim dSecurity As DirectorySecurity = dInfo.GetAccessControl()

        ' Add the FileSystemAccessRule to the security settings. 
        dSecurity.RemoveAccessRule(New FileSystemAccessRule(Account, Rights, ControlType))

        ' Set the new access settings.
        dInfo.SetAccessControl(dSecurity)

    End Sub
End Module

備註

呼叫這個方法多載相當於呼叫 GetAccessControl 方法多載,並指定 AccessControlSections.Access | AccessControlSections.Owner | AccessControlSections.GroupAccessControlSections.AccessOrAccessControlSections.OwnerOrAccessControlSections.Group)的存取控制區段。Calling this method overload is equivalent to calling the GetAccessControl method overload and specifying the access control sections AccessControlSections.Access | AccessControlSections.Owner | AccessControlSections.Group (AccessControlSections.AccessOrAccessControlSections.OwnerOrAccessControlSections.Group in Visual Basic).

使用 GetAccessControl 方法來抓取目前檔案的存取控制清單(ACL)專案。Use the GetAccessControl method to retrieve the access control list (ACL) entries for the current file.

ACL 會描述在指定檔案或目錄上,擁有或不具有特定動作之許可權的個人和/或群組。An ACL describes individuals and/or groups who have, or do not have, rights to specific actions on the given file or directory. 如需詳細資訊,請參閱如何:新增或移除存取控制清單項目For more information, see How to: Add or Remove Access Control List Entries.

GetAccessControl(AccessControlSections)

取得 DirectorySecurity 物件,該物件會封裝目前 DirectoryInfo 物件所描述的目錄之指定類型的存取控制清單 (ACL) 項目。Gets a DirectorySecurity object that encapsulates the specified type of access control list (ACL) entries for the directory described by the current DirectoryInfo object.

public:
 System::Security::AccessControl::DirectorySecurity ^ GetAccessControl(System::Security::AccessControl::AccessControlSections includeSections);
public System.Security.AccessControl.DirectorySecurity GetAccessControl (System.Security.AccessControl.AccessControlSections includeSections);
member this.GetAccessControl : System.Security.AccessControl.AccessControlSections -> System.Security.AccessControl.DirectorySecurity
Public Function GetAccessControl (includeSections As AccessControlSections) As DirectorySecurity

參數

includeSections
AccessControlSections

其中一個 AccessControlSections 值,指定要接收的存取控制清單 (ACL) 資訊之類型。One of the AccessControlSections values that specifies the type of access control list (ACL) information to receive.

傳回

DirectorySecurity 物件,該物件封裝 path 參數所描述之檔案的存取控制規則。A DirectorySecurity object that encapsulates the access control rules for the file described by the path parameter.

例外狀況Exceptions

例外狀況型別Exception type 條件Condition
SystemException 找不到目錄或無法修改目錄。The directory could not be found or modified.
UnauthorizedAccessException 目前的處理序不具有開啟目錄的存取權。The current process does not have access to open the directory.
IOException 開啟目錄時發生 I/O 錯誤。An I/O error occurred while opening the directory.
UnauthorizedAccessException 目錄是唯讀的。The directory is read-only. -或--or- 這個作業在目前平台不受支援。This operation is not supported on the current platform. -或--or- 呼叫端沒有必要的權限。The caller does not have the required permission.

備註

使用 GetAccessControl 方法來抓取目前檔案的存取控制清單(ACL)專案。Use the GetAccessControl method to retrieve the access control list (ACL) entries for the current file.

ACL 會描述在指定檔案或目錄上,擁有或不具有特定動作之許可權的個人和/或群組。An ACL describes individuals and/or groups who have, or do not have, rights to specific actions on the given file or directory. 如需詳細資訊,請參閱如何:新增或移除存取控制清單項目For more information, see How to: Add or Remove Access Control List Entries.

適用於