Re: Check permissions on Folder

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

If I'm understanding this correctly then I will need to walk through the
"FileSystemAccessRules" and accumulate what's allowed and denied. I will
also need to interpret if the user is a member of that group for each rule.
My understanding is that explicit rules take precedence over inherited rules
(can I tell the difference?). Also, denied take precedence over allowed. Do
I just assume owners have full control?

This just seems like a lot of work for something windows does for you when
you try to create, delete, modify files and folders. I can't help but think
there must be a better solution. I basically want the Effective Permissions
tab in Windows Explorer Properties. I've run across references to an
"AccessCheck" function (for Win32), but I have yet find anything
specifically for .NET. I suppose I could wrap the Win32 dlls, but I'm still
holding out for a .NET solution. Another solution I've been considering is
just creating a temporary files and folder in the folders I want to check
and catch exceptions to determine what's allow when I try to manipulate. Of
course I could end up littering files if I can't delete them.

Any additional comments are appreciated. Thank you.

-Fred

"Willy Denoyette [MVP]" <willy.denoyette@xxxxxxxxxx> wrote in message
news:eKAaQa32GHA.4932@xxxxxxxxxxxxxxxxxxxxxxx

"Fred W." <fredwemail-news@xxxxxxxxx> wrote in message
news:%23UtzDx22GHA.3344@xxxxxxxxxxxxxxxxxxxxxxx
|I suppose I don't need full control, but just "Read, Write, and Append"
| capability (Or perhaps you have another suggestion?).
|
| Which classes specifically? Do I need to call
"Directory.GetAccessControl"
| and then iterate through the "AccessRules" or is there a function I can
call
| to check for "Read, Write and Append" access on a directory. Thanks
|
| Fred
|
|
|

Following sample enumerates the ACE collection of a Directory object and
prints the FileSystemRights for the administrators group.


NTAccount acc = new NTAccount("administrators");
SecurityIdentifier secId = acc.Translate(typeof(SecurityIdentifier))
as SecurityIdentifier;
DirectoryInfo dInfo = new DirectoryInfo("c:\\");
DirectorySecurity dSecurity = dInfo.GetAccessControl();
AuthorizationRuleCollection rules = dSecurity.GetAccessRules(
true,
true,
typeof(SecurityIdentifier) );
foreach(FileSystemAccessRule ar in rules)
{
if(secId.CompareTo(ar.IdentityReference as SecurityIdentifier) ==
0)
Console.WriteLine(ar.FileSystemRights);
}

Hope it helps.

Willy.




.

Relevant Pages

  • Re: Check permissions on Folder
    ... | If I'm understanding this correctly then I will need to walk through the ... | "FileSystemAccessRules" and accumulate what's allowed and denied. ... | you try to create, delete, modify files and folders. ... the security API's are mainly meant to be used from ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Duplicate/False Mount Points
    ... I have looked for the supposed folders, but have only succeeded in finding ... the dreaded 'uninterruptible I/O' state. ... except cutting the power can kill them. ...
    (comp.sys.mac.system)
  • Re: Microsoft Outlook Contact Folders
    ... Hard to answer without a more clear understanding of exactly what you want ... If synchronizing with your Palm is your first priority, ... multiple Contact Folders or only the default folder. ...
    (microsoft.public.outlook.contacts)
  • {All Users} vs. {Default User} - Whats the Difference ?
    ... bit of difficulty understanding the difference between the two -- not in ... in terms of the intended purpose ... of these folders from the perspective of the operating system. ...
    (microsoft.public.windowsxp.general)
  • Re: Any way to ignore articles?
    ... Or am I not understanding ... filename starts with an article those are the letters that ... e.g. Storm, The, instead of The Storm. ... 5283 folders I'd like to change so that the article is ignored. ...
    (microsoft.public.windowsxp.basics)