FileSystemRights 列舉

定義

定義建立存取規則和稽核規則時要使用的存取權限。Defines the access rights to use when creating access and audit rules.

此列舉有 FlagsAttribute 屬性,因此其成員值可進行位元組合。

public enum class FileSystemRights
[System.Flags]
public enum FileSystemRights
[System.Flags]
[System.Security.SecurityCritical]
public enum FileSystemRights
[<System.Flags>]
type FileSystemRights = 
[<System.Flags>]
[<System.Security.SecurityCritical>]
type FileSystemRights = 
Public Enum FileSystemRights
繼承
FileSystemRights
屬性

欄位

AppendData 4

指定將資料附加至檔案結尾的權限。Specifies the right to append data to the end of a file.

ChangePermissions 262144

指定變更與檔案或資料夾關聯之安全性規則和稽核規則的權限。Specifies the right to change the security and audit rules associated with a file or folder.

CreateDirectories 4

指定建立資料夾的權限。此權限需要 Synchronize 值。Specifies the right to create a folder This right requires the Synchronize value.

CreateFiles 2

指定建立檔案的權限。Specifies the right to create a file. 此權限需要 Synchronize 值。This right requires the Synchronize value.

Delete 65536

指定刪除資料夾或檔案的權限。Specifies the right to delete a folder or file.

DeleteSubdirectoriesAndFiles 64

指定刪除資料夾和該資料夾內包含之任何檔案的權限。Specifies the right to delete a folder and any files contained within that folder.

ExecuteFile 32

指定執行應用程式檔案的權限。Specifies the right to run an application file.

FullControl 2032127

指定對資料夾或檔案執行完全控制,並修改存取控制 (Access control) 和稽核規則的權限。Specifies the right to exert full control over a folder or file, and to modify access control and audit rules. 這個值表示對檔案執行任何作業的權限,其為這個列舉型別中所有權限的組合。This value represents the right to do anything with a file and is the combination of all rights in this enumeration.

ListDirectory 1

指定讀取目錄內容的權限。Specifies the right to read the contents of a directory.

Modify 197055

指定讀取、寫入、列出資料夾內容,刪除資料夾及檔案並執行應用程式檔案的權限。Specifies the right to read, write, list folder contents, delete folders and files, and run application files. 這個權限包括 ReadAndExecute 權限、Write 權限及 Delete 權限。This right includes the ReadAndExecute right, the Write right, and the Delete right.

Read 131209

指定以唯讀方式開啟和複製資料夾或檔案的權限。Specifies the right to open and copy folders or files as read-only. 這個權限包括 ReadData 權限、ReadExtendedAttributes 權限、ReadAttributes 權限及 ReadPermissions 權限。This right includes the ReadData right, ReadExtendedAttributes right, ReadAttributes right, and ReadPermissions right.

ReadAndExecute 131241

指定以唯讀方式開啟和複製資料夾或檔案,以及執行應用程式檔案的權限。Specifies the right to open and copy folders or files as read-only, and to run application files. 這個權限包括 Read 權限和 ExecuteFile 權限。This right includes the Read right and the ExecuteFile right.

ReadAttributes 128

指定從資料夾或檔案開啟和複製檔案系統屬性的權限。Specifies the right to open and copy file system attributes from a folder or file. 例如,這個值指定檢視檔案建立或修改日期的權限。For example, this value specifies the right to view the file creation or modified date. 這不包括讀取資料、擴充之檔案系統屬性、存取規則和稽核規則的權限。This does not include the right to read data, extended file system attributes, or access and audit rules.

ReadData 1

指定開啟和複製檔案或資料夾的權限。Specifies the right to open and copy a file or folder. 這不包括讀取檔案系統屬性、擴充之檔案系統屬性、存取規則和稽核規則的權限。This does not include the right to read file system attributes, extended file system attributes, or access and audit rules.

ReadExtendedAttributes 8

指定從資料夾或檔案開啟和複製擴充之檔案系統屬性的權限。Specifies the right to open and copy extended file system attributes from a folder or file. 例如,這個值指定檢視作者和內容資訊的權限。For example, this value specifies the right to view author and content information. 這不包括讀取資料、檔案系統屬性、存取規則和稽核規則的權限。This does not include the right to read data, file system attributes, or access and audit rules.

ReadPermissions 131072

指定從資料夾或檔案開啟和複製存取規則和稽核規則的權限。Specifies the right to open and copy access and audit rules from a folder or file. 這不包括讀取資料、檔案系統屬性及擴充之檔案系統屬性的權限。This does not include the right to read data, file system attributes, and extended file system attributes.

Synchronize 1048576

指定應用程式是否可以等待檔案控制代碼 (File Handle) 與 I/O 作業的完成同步。Specifies whether the application can wait for a file handle to synchronize with the completion of an I/O operation. 若允許存取權,會自動設定此值;若拒絕存取權,則會自動排除此值。This value is automatically set when allowing access and automatically excluded when denying access.

TakeOwnership 524288

指定變更資料夾或檔案擁有人的權限。Specifies the right to change the owner of a folder or file. 請注意,資源的擁有人對該資源具有完全存取權。Note that owners of a resource have full access to that resource.

Traverse 32

指定列出資料夾內容並執行該資料夾內包含之應用程式的權限。Specifies the right to list the contents of a folder and to run applications contained within that folder.

Write 278

指定建立資料夾和檔案,以及將資料新增至檔案或從檔案中移除資料的權限。Specifies the right to create folders and files, and to add or remove data from files. 這個權限包括 WriteData 權限、AppendData 權限、WriteExtendedAttributes 權限及 WriteAttributes 權限。This right includes the WriteData right, AppendData right, WriteExtendedAttributes right, and WriteAttributes right.

WriteAttributes 256

指定開啟檔案系統屬性並將其寫入資料夾或檔案的權限。Specifies the right to open and write file system attributes to a folder or file. 這不包括寫入資料、擴充之屬性、存取規則和稽核規則的能力。This does not include the ability to write data, extended attributes, or access and audit rules.

WriteData 2

指定開啟和寫入檔案或資料夾的權限。Specifies the right to open and write to a file or folder. 這不包括開啟和寫入檔案系統屬性、擴充之檔案系統屬性、存取規則和稽核規則的權限。This does not include the right to open and write file system attributes, extended file system attributes, or access and audit rules.

WriteExtendedAttributes 16

指定開啟擴充之檔案系統屬性並將其寫入資料夾或檔案的權限。Specifies the right to open and write extended file system attributes to a folder or file. 這不包括寫入資料、屬性、存取規則和稽核規則的能力。This does not include the ability to write data, attributes, or access and audit rules.

範例

下列範例會使用 FileSystemRights 列舉來指定存取規則,然後從檔案中移除存取規則。The following example uses the FileSystemRights enumeration to specify an access rule and then remove the access rule from a file. 您必須提供有效的使用者或群組帳戶,才能執行這個範例。You must supply a valid user or group account to run this example.

using namespace System;
using namespace System::IO;
using namespace System::Security::AccessControl;

// Adds an ACL entry on the specified file for the specified account.

void AddFileSecurity(String^ fileName, String^ account, 
                        FileSystemRights rights, AccessControlType controlType)
{
    // Get a FileSecurity object that represents the 
    // current security settings.
    FileSecurity^ fSecurity = File::GetAccessControl(fileName);

    // Add the FileSystemAccessRule to the security settings. 
    fSecurity->AddAccessRule(gcnew FileSystemAccessRule
                                   (account,rights, controlType));

    // Set the new access settings.
    File::SetAccessControl(fileName, fSecurity);
}

// Removes an ACL entry on the specified file for the specified account.

void RemoveFileSecurity(String^ fileName, String^ account, 
                        FileSystemRights rights, AccessControlType controlType)
{

    // Get a FileSecurity object that represents the 
    // current security settings.
    FileSecurity^ fSecurity = File::GetAccessControl(fileName);

    // Remove the FileSystemAccessRule from the security settings. 
    fSecurity->RemoveAccessRule(gcnew FileSystemAccessRule
                                      (account,rights, controlType));

    // Set the new access settings.
    File::SetAccessControl(fileName, fSecurity);
}

int main()
{
    try
    {
        String^ fileName = "test.xml";

        Console::WriteLine("Adding access control entry for " + fileName);

        // Add the access control entry to the file.
        AddFileSecurity(fileName, "MYDOMAIN\\MyAccount", 
            FileSystemRights::ReadData, AccessControlType::Allow);

        Console::WriteLine("Removing access control entry from " + fileName);

        // Remove the access control entry from the file.
        RemoveFileSecurity(fileName, "MYDOMAIN\\MyAccount", 
            FileSystemRights::ReadData, AccessControlType::Allow);

        Console::WriteLine("Done.");
    }
    catch (Exception^ ex)
    {
        Console::WriteLine(ex->Message);
    }
}

using System;
using System.IO;
using System.Security.AccessControl;

namespace FileSystemExample
{
    class FileExample
    {
        public static void Main()
        {
            try
            {
                string fileName = "test.xml";

                Console.WriteLine("Adding access control entry for "
                    + fileName);

                // Add the access control entry to the file.
                AddFileSecurity(fileName, @"DomainName\AccountName",
                    FileSystemRights.ReadData, AccessControlType.Allow);

                Console.WriteLine("Removing access control entry from "
                    + fileName);

                // Remove the access control entry from the file.
                RemoveFileSecurity(fileName, @"DomainName\AccountName",
                    FileSystemRights.ReadData, AccessControlType.Allow);

                Console.WriteLine("Done.");
            }
            catch (Exception e)
            {
                Console.WriteLine(e);
            }
        }

        // Adds an ACL entry on the specified file for the specified account.
        public static void AddFileSecurity(string fileName, string account,
            FileSystemRights rights, AccessControlType controlType)
        {

            // Get a FileSecurity object that represents the
            // current security settings.
            FileSecurity fSecurity = File.GetAccessControl(fileName);

            // Add the FileSystemAccessRule to the security settings.
            fSecurity.AddAccessRule(new FileSystemAccessRule(account,
                rights, controlType));

            // Set the new access settings.
            File.SetAccessControl(fileName, fSecurity);
        }

        // Removes an ACL entry on the specified file for the specified account.
        public static void RemoveFileSecurity(string fileName, string account,
            FileSystemRights rights, AccessControlType controlType)
        {

            // Get a FileSecurity object that represents the
            // current security settings.
            FileSecurity fSecurity = File.GetAccessControl(fileName);

            // Remove the FileSystemAccessRule from the security settings.
            fSecurity.RemoveAccessRule(new FileSystemAccessRule(account,
                rights, controlType));

            // Set the new access settings.
            File.SetAccessControl(fileName, fSecurity);
        }
    }
}
Imports System.IO
Imports System.Security.AccessControl



Module FileExample

    Sub Main()
        Try
            Dim fileName As String = "test.xml"

            Console.WriteLine("Adding access control entry for " & fileName)

            ' Add the access control entry to the file.
            AddFileSecurity(fileName, "DomainName\AccountName", _
                FileSystemRights.ReadData, AccessControlType.Allow)

            Console.WriteLine("Removing access control entry from " & fileName)

            ' Remove the access control entry from the file.
            RemoveFileSecurity(fileName, "DomainName\AccountName", _
                FileSystemRights.ReadData, AccessControlType.Allow)

            Console.WriteLine("Done.")
        Catch e As Exception
            Console.WriteLine(e)
        End Try

    End Sub


    ' Adds an ACL entry on the specified file for the specified account.
    Sub AddFileSecurity(ByVal fileName As String, ByVal account As String, _
        ByVal rights As FileSystemRights, ByVal controlType As AccessControlType)
  
        ' Get a FileSecurity object that represents the 
        ' current security settings.
        Dim fSecurity As FileSecurity = File.GetAccessControl(fileName)

        ' Add the FileSystemAccessRule to the security settings. 
        Dim accessRule As FileSystemAccessRule = _
            New FileSystemAccessRule(account, rights, controlType)

        fSecurity.AddAccessRule(accessRule)

        ' Set the new access settings.
        File.SetAccessControl(fileName, fSecurity)

    End Sub


    ' Removes an ACL entry on the specified file for the specified account.
    Sub RemoveFileSecurity(ByVal fileName As String, ByVal account As String, _
        ByVal rights As FileSystemRights, ByVal controlType As AccessControlType)

        ' Get a FileSecurity object that represents the 
        ' current security settings.
        Dim fSecurity As FileSecurity = File.GetAccessControl(fileName)

        ' Remove the FileSystemAccessRule from the security settings. 
        fSecurity.RemoveAccessRule(New FileSystemAccessRule(account, _
            rights, controlType))

        ' Set the new access settings.
        File.SetAccessControl(fileName, fSecurity)

    End Sub
End Module

備註

FileSystemRights列舉會指定特定使用者帳戶所允許的檔案系統動作,以及針對特定使用者帳戶審核哪些檔案系統動作。The FileSystemRights enumeration specifies which file system actions are allowed for a particular user account and which file system actions are audited for a particular user account.

使用 FileSystemRights 類別建立存取規則時, FileSystemAccessRule 或使用類別建立審核規則時,請使用列舉 FileSystemAuditRuleUse the FileSystemRights enumeration when creating an access rule with the FileSystemAccessRule class or when creating an audit rule with the FileSystemAuditRule class.

此列舉包含數個細微的系統許可權值,以及數個與這些細微值組合的值。This enumeration contains several granular system rights values and several values that are a combination of those granular values. 使用、和等組合值更容易 FullControl Read Write ,而不是分別指定每個元件值。It is easier to use the combination values such as FullControl, Read, and Write, rather than specifying each component value separately.

CreateDirectoriesCreateFiles 許可權需要 Synchronize 許可權。The CreateDirectories and CreateFiles rights require the Synchronize right. 如果您未在 Synchronize 建立檔案或目錄時明確設定值,則會自動為您設定。If you do not explicitly set the Synchronize value when creating a file or directory, it is set automatically for you.

適用於