Some people are thinking better to ask for forgiveness then permissions?
In the modern computing environment, file level permissions are important in operating systems. We do not interact with them directly in most instances in our normal everyday lives. Most of us can create an administrator account, yet know little to nothing
about how we can limit a person?s specific permissions except for technical gurus, IT users, or power users. So, how can we limit a
person's specific permissions depending on his account and privileges. I will explain how to change file level permissions below in
Figure 1: Retrieving users and adding to lstUsers list box.
"Get access control for file"
OpenFileDialog1.ShowDialog = Windows.Forms.DialogResult.OK
filename = OpenFileDialog1.FileName
fs = fi.GetAccessControl
Type = Type.
The second step in the tutorial is to view permissions for a specific user.
As you can see in Example 2, I have selected the user test and his allow and deny permissions to the file show up.
Notice how user test does not have any deny permissions? This is not a code error. In fact, he does not have any revoked or denied permissions at all.
In Figure 2, I show the code for lstUsers_SelectedIndexChangedEvent which shows the permissions for a specific user that is selected from the list.
Figure 2 - lstUsers_SelectedIndexChanged
user = lstUsers.SelectedItem.ToString
AuthRule.IdentityReference.Value.ToString = lstUsers.SelectedItem.ToString
FileSystemRights.FullControl) = FileSystemRights.FullControl
lstAllowPermissions.SetItemChecked(lstAllowPermissions.Items.Count - 1,
lstDenyPermissions.SetItemChecked(lstDenyPermissions.Items.Count - 1,
FileSystemRights.Modify) = FileSystemRights.Modify
?... more permissions can be added here
In this section, permissions are added or removed/denied but are not set on the file.We will be adding new permissions to allow or deny permission lists. The next code section will show how to actually set the new permissions we selected for the file. In
Figure 3, permissions are added to allow or deny lists depending upon what is selected in the cboACLType list box. In Figure 4, the code is displayed for removing currently displayed Allow or Deny permissions. Note: you must remove the permission before changing
to the next user or changes may be lost. To remove an item, uncheck it in the list box And click Remove Permissions.
Example 3: Add New Allow or Deny Permissions
lstAllowPermissions.Items.IndexOf(cboPermissionList.SelectedItem) = -1
lstUsers.SelectedIndex <> -1
'filename must be something or a files properties have not been loaded
lstDenyPermissions.Items.IndexOf(cboPermissionList.SelectedItem) = -1
Figure 4 – showing how the deny permissions were applied to the file.
In Example 4, see how the Permission Entry for devices (devices.txt file) Dialog above is showing only the Deny permission of List Directory Contents and there is a new Deny rule added. The new rule is added when the List folder permission is changed to
deny. This rule is only applied though when we click BtnSet Permissions (also called the Set Permissions button) before moving onto the next user. Note: these are local file permissions and do not include changing any active directory permissions.
This file is an authorized copy of the following article by the same author: Better to ask for permission Then forgiveness codeproject original article.
The formatting of this Wiki article maybe be improved or different compared to the original version.