Directory.GetAccessControl 方法

参考

定义

命名空间:: System.IO

程序集:: mscorlib.dll

重要

一些信息与预发行产品相关，相应产品在发行之前可能会进行重大修改。对于此处提供的信息，Microsoft 不作任何明示或暗示的担保。

返回某个目录的 Windows 访问控制列表 (ACL)。

重载

GetAccessControl(String)	获取 DirectorySecurity 对象，该对象封装指定目录的访问控制列表 (ACL) 项。
GetAccessControl(String, AccessControlSections)	获取一个 DirectorySecurity 对象，它封装指定目录的指定类型的访问控制列表 (ACL) 条目。

GetAccessControl(String)

获取 DirectorySecurity 对象，该对象封装指定目录的访问控制列表 (ACL) 项。

public:
 static System::Security::AccessControl::DirectorySecurity ^ GetAccessControl(System::String ^ path);

public static System.Security.AccessControl.DirectorySecurity GetAccessControl (string path);

static member GetAccessControl : string -> System.Security.AccessControl.DirectorySecurity

Public Shared Function GetAccessControl (path As String) As DirectorySecurity

参数

path: String

包含 DirectorySecurity 对象的目录路径，该对象描述文件的访问控制列表 (ACL) 信息。

DirectorySecurity

封装由 path 参数描述的文件的访问控制规则的对象。

例外

ArgumentNullException

path 参数为 null。

IOException

打开目录时发生 I/O 错误。

SystemException

出现系统级别错误，如找不到目录。特定异常可能是 SystemException 的子类。

UnauthorizedAccessException

path 参数指定只读的目录。

- 或 -

当前平台不支持此操作。

或

调用方没有所要求的权限。

示例

以下示例使用 GetAccessControl 和 SetAccessControl 方法 (ACL) 条目添加访问控制列表，然后从目录中删除 ACL 条目。你必须提供有效的用户或组帐户以运行此示例。

using namespace System;
using namespace System::IO;
using namespace System::Security::AccessControl;

// Adds an ACL entry on the specified directory for the
// specified account.
void AddDirectorySecurity(String^ directoryName, String^ account, 
     FileSystemRights rights, AccessControlType controlType)
{
    // Create a new DirectoryInfo object.
    DirectoryInfo^ dInfo = gcnew DirectoryInfo(directoryName);

    // Get a DirectorySecurity object that represents the
    // current security settings.
    DirectorySecurity^ dSecurity = dInfo->GetAccessControl();

    // Add the FileSystemAccessRule to the security settings.
    dSecurity->AddAccessRule( gcnew FileSystemAccessRule(account,
        rights, controlType));

    // Set the new access settings.
    dInfo->SetAccessControl(dSecurity);
}

// Removes an ACL entry on the specified directory for the
// specified account.
void RemoveDirectorySecurity(String^ directoryName, String^ account,
     FileSystemRights rights, AccessControlType controlType)
{
    // Create a new DirectoryInfo object.
    DirectoryInfo^ dInfo = gcnew DirectoryInfo(directoryName);

    // Get a DirectorySecurity object that represents the
    // current security settings.
    DirectorySecurity^ dSecurity = dInfo->GetAccessControl();

    // Add the FileSystemAccessRule to the security settings.
    dSecurity->RemoveAccessRule(gcnew FileSystemAccessRule(account,
        rights, controlType));

    // Set the new access settings.
    dInfo->SetAccessControl(dSecurity);
}    

int main()
{
    String^ directoryName = "TestDirectory";
    String^ accountName = "MYDOMAIN\\MyAccount";
    if (!Directory::Exists(directoryName))
    {
        Console::WriteLine("The directory {0} could not be found.", 
            directoryName);
        return 0;
    }
    try
    {
        Console::WriteLine("Adding access control entry for {0}",
            directoryName);

        // Add the access control entry to the directory.
        AddDirectorySecurity(directoryName, accountName,
            FileSystemRights::ReadData, AccessControlType::Allow);

        Console::WriteLine("Removing access control entry from {0}",
            directoryName);

        // Remove the access control entry from the directory.
        RemoveDirectorySecurity(directoryName, accountName, 
            FileSystemRights::ReadData, AccessControlType::Allow);

        Console::WriteLine("Done.");
    }
    catch (UnauthorizedAccessException^)
    {
        Console::WriteLine("You are not authorised to carry" +
            " out this procedure.");
    }
    catch (System::Security::Principal::
        IdentityNotMappedException^)
    {
        Console::WriteLine("The account {0} could not be found.", accountName);
    }
}

using System;
using System.IO;
using System.Security.AccessControl;

namespace FileSystemExample
{
    class DirectoryExample
    {
        public static void Main()
        {
            try
            {
                string DirectoryName = "TestDirectory";

                Console.WriteLine("Adding access control entry for " + DirectoryName);

                // Add the access control entry to the directory.
                AddDirectorySecurity(DirectoryName, @"MYDOMAIN\MyAccount", FileSystemRights.ReadData, AccessControlType.Allow);

                Console.WriteLine("Removing access control entry from " + DirectoryName);

                // Remove the access control entry from the directory.
                RemoveDirectorySecurity(DirectoryName, @"MYDOMAIN\MyAccount", FileSystemRights.ReadData, AccessControlType.Allow);

                Console.WriteLine("Done.");
            }
            catch (Exception e)
            {
                Console.WriteLine(e);
            }

            Console.ReadLine();
        }

        // Adds an ACL entry on the specified directory for the specified account.
        public static void AddDirectorySecurity(string DirectoryName, string Account, FileSystemRights Rights, AccessControlType ControlType)
        {
            // Create a new DirectoryInfo object.
            DirectoryInfo dInfo = new DirectoryInfo(DirectoryName);

            // Get a DirectorySecurity object that represents the
            // current security settings.
            DirectorySecurity dSecurity = dInfo.GetAccessControl();

            // Add the FileSystemAccessRule to the security settings.
            dSecurity.AddAccessRule(new FileSystemAccessRule(Account,
                                                            Rights,
                                                            ControlType));

            // Set the new access settings.
            dInfo.SetAccessControl(dSecurity);
        }

        // Removes an ACL entry on the specified directory for the specified account.
        public static void RemoveDirectorySecurity(string DirectoryName, string Account, FileSystemRights Rights, AccessControlType ControlType)
        {
            // Create a new DirectoryInfo object.
            DirectoryInfo dInfo = new DirectoryInfo(DirectoryName);

            // Get a DirectorySecurity object that represents the
            // current security settings.
            DirectorySecurity dSecurity = dInfo.GetAccessControl();

            // Add the FileSystemAccessRule to the security settings.
            dSecurity.RemoveAccessRule(new FileSystemAccessRule(Account,
                                                            Rights,
                                                            ControlType));

            // Set the new access settings.
            dInfo.SetAccessControl(dSecurity);
        }
    }
}

open System
open System.IO
open System.Security.AccessControl

// Adds an ACL entry on the specified directory for the specified account.
let addDirectorySecurity fileName (account: string) rights controlType =
    // Create a new DirectoryInfo object.
    let dInfo = DirectoryInfo fileName

    // Get a DirectorySecurity object that represents the
    // current security settings.
    let dSecurity = dInfo.GetAccessControl()

    // Add the FileSystemAccessRule to the security settings.
    dSecurity.AddAccessRule(FileSystemAccessRule(account, rights, controlType))

    // Set the new access settings.
    dInfo.SetAccessControl dSecurity

// Removes an ACL entry on the specified directory for the specified account.
let removeDirectorySecurity fileName (account: string) rights controlType =
    // Create a new DirectoryInfo object.
    let dInfo = DirectoryInfo fileName

    // Get a DirectorySecurity object that represents the
    // current security settings.
    let dSecurity = dInfo.GetAccessControl()

    // Add the FileSystemAccessRule to the security settings.
    dSecurity.RemoveAccessRule(FileSystemAccessRule(account, rights, controlType)) |> ignore

    // Set the new access settings.
    dInfo.SetAccessControl dSecurity

try
    let DirectoryName = "TestDirectory"

    printfn $"Adding access control entry for {DirectoryName}"

    // Add the access control entry to the directory.
    addDirectorySecurity DirectoryName @"MYDOMAIN\MyAccount" FileSystemRights.ReadData AccessControlType.Allow

    printfn $"Removing access control entry from {DirectoryName}"

    // Remove the access control entry from the directory.
    removeDirectorySecurity DirectoryName @"MYDOMAIN\MyAccount" FileSystemRights.ReadData AccessControlType.Allow

    printfn "Done."
with e ->
    printfn $"{e}"

Imports System.IO
Imports System.Security.AccessControl



Module DirectoryExample

    Sub Main()
        Try
            Dim DirectoryName As String = "TestDirectory"

            Console.WriteLine("Adding access control entry for " + DirectoryName)

            ' Add the access control entry to the directory.
            AddDirectorySecurity(DirectoryName, "MYDOMAIN\MyAccount", FileSystemRights.ReadData, AccessControlType.Allow)

            Console.WriteLine("Removing access control entry from " + DirectoryName)

            ' Remove the access control entry from the directory.
            RemoveDirectorySecurity(DirectoryName, "MYDOMAIN\MyAccount", FileSystemRights.ReadData, AccessControlType.Allow)

            Console.WriteLine("Done.")
        Catch e As Exception
            Console.WriteLine(e)
        End Try

        Console.ReadLine()

    End Sub


    ' Adds an ACL entry on the specified directory for the specified account.
    Sub AddDirectorySecurity(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal ControlType As AccessControlType)
        ' Create a new DirectoryInfoobject.
        Dim dInfo As New DirectoryInfo(FileName)

        ' Get a DirectorySecurity object that represents the 
        ' current security settings.
        Dim dSecurity As DirectorySecurity = dInfo.GetAccessControl()

        ' Add the FileSystemAccessRule to the security settings. 
        dSecurity.AddAccessRule(New FileSystemAccessRule(Account, Rights, ControlType))

        ' Set the new access settings.
        dInfo.SetAccessControl(dSecurity)

    End Sub


    ' Removes an ACL entry on the specified directory for the specified account.
    Sub RemoveDirectorySecurity(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal ControlType As AccessControlType)
        ' Create a new DirectoryInfo object.
        Dim dInfo As New DirectoryInfo(FileName)

        ' Get a DirectorySecurity object that represents the 
        ' current security settings.
        Dim dSecurity As DirectorySecurity = dInfo.GetAccessControl()

        ' Add the FileSystemAccessRule to the security settings. 
        dSecurity.RemoveAccessRule(New FileSystemAccessRule(Account, Rights, ControlType))

        ' Set the new access settings.
        dInfo.SetAccessControl(dSecurity)

    End Sub
End Module

注解

GetAccessControl使用方法检索目录的访问控制列表 (ACL) 条目。

ACL 描述对给定文件或目录具有或无权执行特定操作的个人和/或组。有关详细信息，请参阅如何：添加或删除访问控制列表条目。

在 NTFS 环境中，ReadAttributes如果用户对父文件夹具有ListDirectory权限，则会向用户授予和 ReadExtendedAttributes 。若要拒绝 ReadAttributes 和 ReadExtendedAttributes，请在父目录上拒绝 ListDirectory 。

适用于

GetAccessControl(String, AccessControlSections)

获取一个 DirectorySecurity 对象，它封装指定目录的指定类型的访问控制列表 (ACL) 条目。

public:
 static System::Security::AccessControl::DirectorySecurity ^ GetAccessControl(System::String ^ path, System::Security::AccessControl::AccessControlSections includeSections);

public static System.Security.AccessControl.DirectorySecurity GetAccessControl (string path, System.Security.AccessControl.AccessControlSections includeSections);

static member GetAccessControl : string * System.Security.AccessControl.AccessControlSections -> System.Security.AccessControl.DirectorySecurity

Public Shared Function GetAccessControl (path As String, includeSections As AccessControlSections) As DirectorySecurity

参数

path: String