DirectoryInfo.SetAccessControl(DirectorySecurity) 方法

定義

DirectorySecurity 物件所描述的存取控制清單 (ACL) 項目套用至目前 DirectoryInfo 物件所描述的目錄。Applies access control list (ACL) entries described by a DirectorySecurity object to the directory described by the current DirectoryInfo object.

public:
 void SetAccessControl(System::Security::AccessControl::DirectorySecurity ^ directorySecurity);
public void SetAccessControl (System.Security.AccessControl.DirectorySecurity directorySecurity);
member this.SetAccessControl : System.Security.AccessControl.DirectorySecurity -> unit

參數

directorySecurity
DirectorySecurity

物件,描述要套用到 path 參數所描述之目錄的 ACL 項目。An object that describes an ACL entry to apply to the directory described by the path parameter.

例外狀況

directorySecurity 參數為 nullThe directorySecurity parameter is null.

找不到或無法修改檔案。The file could not be found or modified.

目前的處理序不具有開啟檔案的存取權。The current process does not have access to open the file.

目前的作業系統不是 Microsoft Windows 2000 (含) 以後版本。The current operating system is not Microsoft Windows 2000 or later.

範例

下列範例會使用 GetAccessControlSetAccessControl 方法來新增和移除目錄中的存取控制清單(ACL)專案。The following example uses the GetAccessControl and SetAccessControl methods to add and then remove an access control list (ACL) entry from a directory.

using namespace System;
using namespace System::IO;
using namespace System::Security::AccessControl;

// Adds an ACL entry on the specified directory for the
// specified account.
void AddDirectorySecurity(String^ directoryName, String^ account, 
     FileSystemRights rights, AccessControlType controlType)
{
    // Create a new DirectoryInfo object.
    DirectoryInfo^ dInfo = gcnew DirectoryInfo(directoryName);

    // Get a DirectorySecurity object that represents the
    // current security settings.
    DirectorySecurity^ dSecurity = dInfo->GetAccessControl();

    // Add the FileSystemAccessRule to the security settings.
    dSecurity->AddAccessRule( gcnew FileSystemAccessRule(account,
        rights, controlType));

    // Set the new access settings.
    dInfo->SetAccessControl(dSecurity);
}

// Removes an ACL entry on the specified directory for the
// specified account.
void RemoveDirectorySecurity(String^ directoryName, String^ account,
     FileSystemRights rights, AccessControlType controlType)
{
    // Create a new DirectoryInfo object.
    DirectoryInfo^ dInfo = gcnew DirectoryInfo(directoryName);

    // Get a DirectorySecurity object that represents the
    // current security settings.
    DirectorySecurity^ dSecurity = dInfo->GetAccessControl();

    // Add the FileSystemAccessRule to the security settings.
    dSecurity->RemoveAccessRule(gcnew FileSystemAccessRule(account,
        rights, controlType));

    // Set the new access settings.
    dInfo->SetAccessControl(dSecurity);
}    

int main()
{
    String^ directoryName = "TestDirectory";
    String^ accountName = "MYDOMAIN\\MyAccount";
    if (!Directory::Exists(directoryName))
    {
        Console::WriteLine("The directory {0} could not be found.", 
            directoryName);
        return 0;
    }
    try
    {
        Console::WriteLine("Adding access control entry for {0}",
            directoryName);

        // Add the access control entry to the directory.
        AddDirectorySecurity(directoryName, accountName,
            FileSystemRights::ReadData, AccessControlType::Allow);

        Console::WriteLine("Removing access control entry from {0}",
            directoryName);

        // Remove the access control entry from the directory.
        RemoveDirectorySecurity(directoryName, accountName, 
            FileSystemRights::ReadData, AccessControlType::Allow);

        Console::WriteLine("Done.");
    }
    catch (UnauthorizedAccessException^)
    {
        Console::WriteLine("You are not authorised to carry" +
            " out this procedure.");
    }
    catch (System::Security::Principal::
        IdentityNotMappedException^)
    {
        Console::WriteLine("The account {0} could not be found.", accountName);
    }
}

using System;
using System.IO;
using System.Security.AccessControl;

namespace FileSystemExample
{
    class DirectoryExample
    {
        public static void Main()
        {
            try
            {
                string DirectoryName = "TestDirectory";

                Console.WriteLine("Adding access control entry for " + DirectoryName);

                // Add the access control entry to the directory.
                AddDirectorySecurity(DirectoryName, @"MYDOMAIN\MyAccount", FileSystemRights.ReadData, AccessControlType.Allow);

                Console.WriteLine("Removing access control entry from " + DirectoryName);

                // Remove the access control entry from the directory.
                RemoveDirectorySecurity(DirectoryName, @"MYDOMAIN\MyAccount", FileSystemRights.ReadData, AccessControlType.Allow);

                Console.WriteLine("Done.");
            }
            catch (Exception e)
            {
                Console.WriteLine(e);
            }

            Console.ReadLine();
        }

        // Adds an ACL entry on the specified directory for the specified account.
        public static void AddDirectorySecurity(string FileName, string Account, FileSystemRights Rights, AccessControlType ControlType)
        {
            // Create a new DirectoryInfo object.
            DirectoryInfo dInfo = new DirectoryInfo(FileName);

            // Get a DirectorySecurity object that represents the 
            // current security settings.
            DirectorySecurity dSecurity = dInfo.GetAccessControl();

            // Add the FileSystemAccessRule to the security settings. 
            dSecurity.AddAccessRule(new FileSystemAccessRule(Account,
                                                            Rights,
                                                            ControlType));

            // Set the new access settings.
            dInfo.SetAccessControl(dSecurity);
        }

        // Removes an ACL entry on the specified directory for the specified account.
        public static void RemoveDirectorySecurity(string FileName, string Account, FileSystemRights Rights, AccessControlType ControlType)
        {
            // Create a new DirectoryInfo object.
            DirectoryInfo dInfo = new DirectoryInfo(FileName);

            // Get a DirectorySecurity object that represents the 
            // current security settings.
            DirectorySecurity dSecurity = dInfo.GetAccessControl();

            // Add the FileSystemAccessRule to the security settings. 
            dSecurity.RemoveAccessRule(new FileSystemAccessRule(Account,
                                                            Rights,
                                                            ControlType));

            // Set the new access settings.
            dInfo.SetAccessControl(dSecurity);
        }
    }
}

Imports System.IO
Imports System.Security.AccessControl



Module DirectoryExample

    Sub Main()
        Try
            Dim DirectoryName As String = "TestDirectory"

            Console.WriteLine("Adding access control entry for " + DirectoryName)

            ' Add the access control entry to the directory.
            AddDirectorySecurity(DirectoryName, "MYDOMAIN\MyAccount", FileSystemRights.ReadData, AccessControlType.Allow)

            Console.WriteLine("Removing access control entry from " + DirectoryName)

            ' Remove the access control entry from the directory.
            RemoveDirectorySecurity(DirectoryName, "MYDOMAIN\MyAccount", FileSystemRights.ReadData, AccessControlType.Allow)

            Console.WriteLine("Done.")
        Catch e As Exception
            Console.WriteLine(e)
        End Try

        Console.ReadLine()

    End Sub


    ' Adds an ACL entry on the specified directory for the specified account.
    Sub AddDirectorySecurity(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal ControlType As AccessControlType)
        ' Create a new DirectoryInfoobject.
        Dim dInfo As New DirectoryInfo(FileName)

        ' Get a DirectorySecurity object that represents the 
        ' current security settings.
        Dim dSecurity As DirectorySecurity = dInfo.GetAccessControl()

        ' Add the FileSystemAccessRule to the security settings. 
        dSecurity.AddAccessRule(New FileSystemAccessRule(Account, Rights, ControlType))

        ' Set the new access settings.
        dInfo.SetAccessControl(dSecurity)

    End Sub


    ' Removes an ACL entry on the specified directory for the specified account.
    Sub RemoveDirectorySecurity(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal ControlType As AccessControlType)
        ' Create a new DirectoryInfo object.
        Dim dInfo As New DirectoryInfo(FileName)

        ' Get a DirectorySecurity object that represents the 
        ' current security settings.
        Dim dSecurity As DirectorySecurity = dInfo.GetAccessControl()

        ' Add the FileSystemAccessRule to the security settings. 
        dSecurity.RemoveAccessRule(New FileSystemAccessRule(Account, Rights, ControlType))

        ' Set the new access settings.
        dInfo.SetAccessControl(dSecurity)

    End Sub
End Module

備註

存取控制清單(ACL)會針對指定的檔案或目錄,說明擁有或不具有特定動作之許可權的個人和/或群組。An access control list (ACL) describes individuals and/or groups who have, or do not have, rights to specific actions on the given file or directory. 如需詳細資訊,請參閱如何:新增或移除存取控制清單項目For more information, see How to: Add or Remove Access Control List Entries.

SetAccessControl 方法會將 ACL 專案套用至代表 noninherited ACL 清單的檔案。The SetAccessControl method applies ACL entries to a file that represents the noninherited ACL list.

警告

directorySecurity 指定的 ACL 會取代目錄的現有 ACL。The ACL specified for directorySecurity replaces the existing ACL for the directory. 若要加入新使用者的許可權,請使用 GetAccessControl 方法來取得現有的 ACL,並加以修改。To add permissions for a new user, use the GetAccessControl method to obtain the existing ACL, and modify it.

SetAccessControl 方法只會保存在物件建立之後修改過的 DirectorySecurity 物件。The SetAccessControl method persists only DirectorySecurity objects that have been modified after object creation. 如果尚未修改 DirectorySecurity 物件,則不會將它保存在檔案中。If a DirectorySecurity object has not been modified, it will not be persisted to a file. 因此,您無法從某個檔案抓取 DirectorySecurity 物件,並將相同的物件重新套用至另一個檔案。Therefore, it is not possible to retrieve a DirectorySecurity object from one file and reapply the same object to another file.

若要將 ACL 資訊從一個檔案複製到另一個檔案:To copy ACL information from one file to another:

  1. 使用 GetAccessControl 方法,從原始檔中取出 DirectorySecurity 物件。Use the GetAccessControl method to retrieve the DirectorySecurity object from the source file.

  2. 為目的地檔案建立新的 DirectorySecurity 物件。Create a new DirectorySecurity object for the destination file.

  3. 使用來源 DirectorySecurity 物件的 GetSecurityDescriptorBinaryFormGetSecurityDescriptorSddlForm 方法,來抓取 ACL 資訊。Use the GetSecurityDescriptorBinaryForm or GetSecurityDescriptorSddlForm method of the source DirectorySecurity object to retrieve the ACL information.

  4. 使用 SetSecurityDescriptorBinaryFormSetSecurityDescriptorSddlForm 方法,將步驟3中所抓取的資訊複製到目的地 DirectorySecurity 物件。Use the SetSecurityDescriptorBinaryForm or SetSecurityDescriptorSddlForm method to copy the information retrieved in step 3 to the destination DirectorySecurity object.

  5. 使用 SetAccessControl 方法,將目的地 DirectorySecurity 物件設定為目的地檔案。Set the destination DirectorySecurity object to the destination file using the SetAccessControl method.

安全性

FileIOPermission
用於列舉目錄存取控制清單(ACL)的許可權。for permission to enumerate access control list (ACL) for a directory. 安全性動作: DemandSecurity action: Demand. 相關聯的列舉: NoAccessViewAssociated enumerations: NoAccess, View

適用於