Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Friday, August 25, 2006 8:33 PM
Basically my app creates 4 folders that gives a specific user certain permissions.
I can create the folder find, and i can give the user the correct permissions, but by defaulse it has Apply To set to this folder only, so if the user creates a folder, they wont have permissions to access it.
I want to give it permissions that Apply to: This folder, subfolders, and files.
I have spent hours upon hours trying different things, and trying to find the answer anywhere. Any help is greatly appreciated.
Here is my code to create the folders:
string mailDataPath = "E:\Data\MailData\" + logonName;
string userDataPath = "E:\Data\UserData\" + logonName;
string userProfilePath = "E:\Data\UserProfile\" + logonName;
string userSharedPath = "E:\Data\UserShared\" + logonName;
path[0] = mailDataPath;
path[1] = userDataPath;
path[2] = userProfilePath;
path[3] = userSharedPath;
//If folders do not exists, create them.
for (int x = 0; x < pathAmount; x++)
{
if (!Directory.Exists(path[x]))
{
Directory.CreateDirectory(path[x]);
}
//Sets folder permissions dependant on which folder it is
if (path[x] != userProfilePath)
{
DirectoryInfo info = new DirectoryInfo(path[x]);
DirectorySecurity security = info.GetAccessControl();
security.AddAccessRule(new FileSystemAccessRule(logonName, FileSystemRights.Modify, AccessControlType.Allow));
info.SetAccessControl(security);
}
else if (path[x] == userProfilePath)
{
DirectoryInfo info = new DirectoryInfo(path[x]);
DirectorySecurity security = info.GetAccessControl();
security.AddAccessRule(new FileSystemAccessRule(logonName, FileSystemRights.FullControl, AccessControlType.Allow));
info.SetAccessControl(security);
}
All replies (10)
Monday, August 28, 2006 8:22 PM âś…Answered | 5 votes
Figured it out. It wasn't as difficult as i made it out to be.
I just need to use 2 access rules
DirectoryInfo info = new DirectoryInfo(path[x]);
DirectorySecurity security = info.GetAccessControl();
security.AddAccessRule(new FileSystemAccessRule(logonName, FileSystemRights.Modify, InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow));
security.AddAccessRule(new FileSystemAccessRule(logonName, FileSystemRights.Modify, InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
info.SetAccessControl(security);
this is the code for the setting of the permissions.
had to play around with it a bunch to get the correct inheritance.
Saturday, August 26, 2006 3:12 AM
I think it should apply those permission on the root folder instead of specifying it in each folder. The permissions are inherited from the parent.
As for this, I don't follow:
so if the user creates a folder, they wont have permissions to access it.
but they do have permission to access it since they created it and are the owner of that folder. Sorry, if I am misunderstanding (which I believe I am), please can you rephrase this?
Thanks!
Monday, August 28, 2006 2:42 PM
| ahmedilyas wrote: | |||
|
1. The problem with doing this to the root folder is that it is a folder that holds user information(there are four of them). For example one folder holds user profiles. I dont want to give everyone access to it, but rather just the user, and then the inherited groups from the root.
2. The user isnt creating the folder, the web application is creating it for the user, and it is supposed to set the correct permissions for the user to access it.
Any thoughts?
Thursday, February 8, 2007 9:35 PM
You are the MAN I spent hours looking for it and I was using ActiveDS but this is much easier
Wednesday, February 14, 2007 11:21 AM
thank you, this saved my day!
Tuesday, July 3, 2007 3:40 PM | 4 votes
Your solution was exactly what I was looking for. I'd like to suggest one improvement. You're adding two different access rules, and the only difference is that you're adding two different InheritanceFlags. If I'm not mistaken, you can write the two statements as one by using the pipe symbol (|):
security.AddAccessRule(new FileSystemAccessRule(logonName, FileSystemRights.Modify, InheritanceFlags.ContainerInherit|InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
You can also use the pipe symbol to combine multiple kinds of FileSystemRights. This prevents you from duplicating code unnecessarily. Thanks!
Tuesday, July 3, 2007 5:08 PM
Thanks for your suggestion, I never knew you could do that with the pipe symbol, will definatly come in handy in the future.
Thursday, November 15, 2012 7:31 PM | 2 votes
Figured it out. It wasn't as difficult as i made it out to be.
I just need to use 2 access rules
DirectoryInfo info = new DirectoryInfo(path[x]);
DirectorySecurity security = info.GetAccessControl();
security.AddAccessRule(new FileSystemAccessRule(logonName, FileSystemRights.Modify, InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow));
security.AddAccessRule(new FileSystemAccessRule(logonName, FileSystemRights.Modify, InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
info.SetAccessControl(security);
this is the code for the setting of the permissions.
had to play around with it a bunch to get the correct inheritance.
Im sorry i dont realy understand. Where do i put this code? Is there a guide for were to put this? Thanks for your help! :)
Tuesday, December 30, 2014 3:30 PM
It's good and work fine. thanks.
Friday, March 9, 2018 5:06 AM
what is logonName name ??