SetAccessControl method for directory

What are ACLs and why do we use them?

An access control list (ACL) is a list of access control entries (ACEs). Each ACE in an ACL identifies a trustee and specifies the access rights allowed, denied, or audited for that trustee. The security descriptor for a securable object can contain two kinds of ACLs: a DACL and a SACL.
A discretionary access control list (DACL) identifies the trustees that are allowed or denied access to a securable object. When a process tries to access a securable object, the system checks the ACEs in the object's DACL to determine whether to grant access to it. If the object doesn't have a DACL, the system grants full access to everybody. If the object's DACL has no ACEs, the system denies all attempts to access the object because the DACL doesn't permit any access rights. The system checks the ACEs in sequence until it finds one or more ACEs that permit all the requested access rights, or until any of the requested access rights are denied. For more information, see How DACLs Control Access to an Object. For information about how to properly create a DACL, see Creating a DACL.
A system access control list (SACL) allows administrators to log attempts to access a secured object. Each ACE specifies the types of access attempts by a specified trustee that cause the system to generate a record in the security event log. An ACE in a SACL can generate audit records when an access attempt fails, when it succeeds, or both. For more information about SACLs, see Audit Generation and SACL Access Right.
Do not try to work directly with the contents of an ACL. To make sure that ACLs are semantically correct, use the appropriate functions to create and manipulate ACLs. For more information, see Getting Information from an ACL and Creating or Modifying an ACL.
ACLs also provide access control to Microsoft Active Directory directory service objects. Active Directory Service Interfaces (ADSI) include routines to create and modify the contents of those ACLs. For more information, see Controlling Access to Active Directory Objects.

The SetAccessControl method for a directory applies access control list (ACL) entries to a file that represents the noninherited ACL list.
The ACL specified for the directorySecurity parameter replaces the existing ACL for the directory. To add permissions for a new user, use the GetAccessControl method to get the existing ACL and modify it.
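
The get-modify-set pattern described above, as an added example that is not part of the original page. It assumes the .NET Framework static Directory.GetAccessControl and Directory.SetAccessControl methods; the class name, the command-line arguments and the choice of ReadAndExecute rights are illustrative assumptions.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

class GrantReadAccess
{
    // Adds one Allow rule for `account` while keeping every existing entry.
    static void GrantRead(string dir, string account)
    {
        // Start from the directory's current ACL. Building a fresh
        // DirectorySecurity that holds only the new rule and passing it to
        // SetAccessControl would replace the existing ACL instead.
        DirectorySecurity acl = Directory.GetAccessControl(dir);

        acl.AddAccessRule(new FileSystemAccessRule(
            new NTAccount(account),
            FileSystemRights.ReadAndExecute,
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            PropagationFlags.None,
            AccessControlType.Allow));

        // Write the modified ACL back to the directory.
        Directory.SetAccessControl(dir, acl);
    }

    static void Main(string[] args)
    {
        if (args.Length != 2)
        {
            Console.Error.WriteLine("usage: GrantReadAccess <directory> <DOMAIN\\user>");
            return;
        }
        GrantRead(args[0], args[1]);

        // Read the ACL back and list each rule so the change can be reviewed.
        // SIDs are printed as-is, so no account-name lookup is required.
        DirectorySecurity after = Directory.GetAccessControl(args[0]);
        foreach (FileSystemAccessRule rule in
                 after.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            Console.WriteLine("{0} {1} {2} inherited={3}",
                rule.AccessControlType, rule.IdentityReference,
                rule.FileSystemRights, rule.IsInherited);
        }
    }
}
```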

The SetAccessControl method persists only DirectorySecurity objects that have been modified after object creation. If a DirectorySecurity object has not been modified, it will not be persisted to a file. Therefore, it is not possible to retrieve a DirectorySecurity object from one file and reapply the same object to another file.
To copy ACL information from one file to another:
1. Use the GetAccessControl method to retrieve the DirectorySecurity object from the source file.
2. Create a new DirectorySecurity object for the destination file.
3. Use the GetSecurityDescriptorBinaryForm or GetSecurityDescriptorSddlForm method of the source DirectorySecurity object to retrieve the ACL information.
4. Use the SetSecurityDescriptorBinaryForm or SetSecurityDescriptorSddlForm method to copy the information retrieved in step 3 to the destination DirectorySecurity object.
5. Set the destination DirectorySecurity object to the destination file using the SetAccessControl method.
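
The five steps above in code, as an added example that is not part of the original page. It assumes the .NET Framework static Directory methods and uses the SDDL form; the class name, the two command-line paths and the decision to copy only the DACL are assumptions of this example.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;

class CopyDirectoryAcl
{
    // Only the DACL is copied. Assigning an arbitrary owner or touching the
    // SACL requires extra privileges (the SACL needs SeSecurityPrivilege).
    const AccessControlSections Sections = AccessControlSections.Access;

    static void CopyAcl(string sourceDir, string destDir)
    {
        // Step 1: read the security descriptor of the source directory.
        DirectorySecurity source = Directory.GetAccessControl(sourceDir, Sections);

        // Step 2: create a new DirectorySecurity for the destination.
        // Passing `source` itself to SetAccessControl would persist nothing,
        // because it has not been modified since it was created.
        DirectorySecurity dest = new DirectorySecurity();

        // Step 3: serialize the source ACL as an SDDL string.
        string sddl = source.GetSecurityDescriptorSddlForm(Sections);

        // Step 4: load that SDDL into the destination object.
        dest.SetSecurityDescriptorSddlForm(sddl, Sections);

        // Step 5: write it. This replaces the destination's existing ACL.
        Directory.SetAccessControl(destDir, dest);
    }

    static string ReadSddl(string dir)
    {
        return Directory.GetAccessControl(dir, Sections)
                        .GetSecurityDescriptorSddlForm(Sections);
    }

    static void Main(string[] args)
    {
        if (args.Length != 2)
        {
            Console.Error.WriteLine("usage: CopyDirectoryAcl <source> <destination>");
            return;
        }
        CopyAcl(args[0], args[1]);

        // Read both descriptors back so the result can be compared.
        Console.WriteLine("source:      " + ReadSddl(args[0]));
        Console.WriteLine("destination: " + ReadSddl(args[1]));
    }
}
```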
In NTFS environments, ReadAttributes and ReadExtendedAttributes are granted to the user if the user has ListDirectory rights on the parent folder. To deny ReadAttributes and ReadExtendedAttributes, deny ListDirectory on the parent directory.
Let's take an example of hiding and unhiding a file:

using System;
using System.IO;

namespace ACL
{
    class applyACL
    {
        public static void Main()
        {
            // Path of the file whose Hidden attribute is toggled
            string filePath = @"d:\test.xml";

            // Read the current attributes of the file
            FileAttributes fileAttributes = File.GetAttributes(filePath);

            if ((fileAttributes & FileAttributes.Hidden) == FileAttributes.Hidden)
            {
                // Unhide the file
                fileAttributes = RemoveAttribute(fileAttributes, FileAttributes.Hidden);
                File.SetAttributes(filePath, fileAttributes);
                Console.WriteLine("The {0} file is no longer hidden.", filePath);
            }
            else
            {
                // Hide the file
                File.SetAttributes(filePath, fileAttributes | FileAttributes.Hidden);
                Console.WriteLine("The {0} file is now hidden.", filePath);
            }
        }

        // Clears the given flag(s) and leaves every other attribute unchanged
        private static FileAttributes RemoveAttribute(FileAttributes attributes, FileAttributes attributesToRemove)
        {
            return attributes & ~attributesToRemove;
        }
    }
}

Syed Adeel Ahmed
Analyst, Programmer, Educationist and Blogger at Technofranchise
Computer Systems Engineer from Sir Syed University Of Engineering & Technology. I am passionate about all types of programming.