System.IO.FileSystem.AccessControl

Provides Windows-specific static extension methods for manipulating Access Control List (ACL) security attributes for files and directories.

Creates a new directory, ensuring it is created with the specified directory security. If the directory already exists, nothing is done.

A directory that does not exist yet that will be created by the method. The access control and audit security for the directory. or is . Could not find a part of the path. Access to the path is denied.

Creates a new file stream, ensuring it is created with the specified properties and security settings.

A file that does not exist yet that will be created by the method. One of the enumeration values that specifies how the operating system should open a file. One of the enumeration values that defines the access rights to use when creating access and audit rules. One of the enumeration values for controlling the kind of access other file stream objects can have to the same file. The number of bytes buffered for reads and writes to the file. One of the enumeration values that describes how to create or overwrite the file. An object that determines the access control and audit security for the file. The and combination is invalid. or is . or are out of their legal enum range. -or- is not a positive number. Could not find a part of the path. An I/O error occurred. Access to the path is denied. A file stream for the newly created file.

Creates a directory and returns it, ensuring it is created with the specified directory security. If the directory already exists, the existing directory is returned.

An object that determines the access control and audit security for the directory. The path of the directory to create. or is . is empty. Could not find a part of the path. Access to the path is denied. A directory information object representing either a created directory with the provided security properties, or the existing directory.

Returns the security information of a directory.

The existing directory from which to obtain the security information. The security descriptors of all the access control sections of the directory.

Returns the security information of a directory.

An existing directory from which to obtain the security information. The desired access control sections to retrieve. The security descriptors of the specified access control sections of the directory.

Returns the security information of a file.

The file from which to obtain the security information. The security descriptors of all the access control sections of the file.

Returns the security information of a file.

An existing file from which to obtain the security information. The desired access control sections to retrieve from the file. The security descriptors of the specified access control sections of the file.

Returns the security information of a file.

An existing file from which to obtain the security information. is . The file stream is closed. The security descriptors of all the access control sections of the file.

Changes the security attributes of an existing directory.

An existing directory. The security information to apply to the directory. is .

Changes the security attributes of an existing file.

An existing file. The security information to apply to the file. is .

Changes the security attributes of an existing file.

An existing file. The security information to apply to the file. or is . The file stream is closed.

Provides the ability to control access to directory objects without direct manipulation of Access Control Lists (ACLs).

Initializes a new instance of the class.

Initializes a new instance of the class with the specified security descriptor.

The security descriptor to be associated with the new object.

Initializes a new instance of the class with the specified values.

The identity to which the access rule applies. It must be an object that can be cast as a . The access mask of this rule. The access mask is a 32-bit collection of anonymous bits, the meaning of which is defined by the individual integrators. true if this rule is inherited from a parent container. Specifies the inheritance properties of the access rule. Specifies whether inherited access rules are automatically propagated. The propagation flags are ignored if is set to . Specifies the valid access control type. The identity of the class of objects to which the new access rule applies. The identity of the class of child objects which can inherit the new access rule. The object that this method creates.

Adds the specified access rule to the Discretionary Access Control List (DACL) associated with this object.

The access rule to add.

Adds the specified audit rule to the System Access Control List (SACL) associated with this object.

The audit rule to add.

Initializes a new instance of the class with the specified values.

The identity to which the audit rule applies. It must be an object that can be cast as a . The access mask of this rule. The access mask is a 32-bit collection of anonymous bits, the meaning of which is defined by the individual integrators. if this rule is inherited from a parent container. Specifies the inheritance properties of the audit rule. Specifies whether inherited audit rules are automatically propagated. The propagation flags are ignored if is set to . Specifies the conditions for which the rule is audited. The identity of the class of objects to which the new audit rule applies. The identity of the class of child objects which can inherit the new audit rule. The object that this method creates.

Gets a collection of the access rules associated with the specified security identifier.

to include access rules explicitly set for the object. to include inherited access rules. The security identifier for which to retrieve access rules. This must be an object that can be cast as a object. The collection of access rules associated with the specified object.

Gets a collection of the audit rules associated with the specified security identifier.

to include audit rules explicitly set for the object. to include inherited audit rules. The security identifier for which to retrieve audit rules. This must be an object that can be cast as a object. The collection of audit rules associated with the specified object.

Applies the specified modification to the Discretionary Access Control List (DACL) associated with this object.

The modification to apply to the DACL. The access rule to modify. if the DACL is successfully modified; otherwise, . if the DACL is successfully modified; otherwise, .

Applies the specified modification to the System Access Control List (SACL) associated with this object.

The modification to apply to the SACL. The audit rule to modify. if the SACL is successfully modified; otherwise, . if the SACL is successfully modified; otherwise, .

Removes access rules that contain the same security identifier and access mask as the specified access rule from the Discretionary Access Control List (DACL) associated with this object.

The access rule to remove. if the access rule was successfully removed; otherwise, .

Removes all access rules that have the same security identifier as the specified access rule from the Discretionary Access Control List (DACL) associated with this object.

The access rule to remove.

Removes all access rules that exactly match the specified access rule from the Discretionary Access Control List (DACL) associated with this object.

The access rule to remove.

Removes audit rules that contain the same security identifier and access mask as the specified audit rule from the System Access Control List (SACL) associated with this object.

The audit rule to remove. if the audit rule was successfully removed; otherwise, .

Removes all audit rules that have the same security identifier as the specified audit rule from the System Access Control List (SACL) associated with this object.

The audit rule to remove.

Removes all audit rules that exactly match the specified audit rule from the System Access Control List (SACL) associated with this object.

The audit rule to remove.

Removes all access rules in the Discretionary Access Control List (DACL) associated with this object and then adds the specified access rule.

The access rule to reset.

Removes all access rules that contain the same security identifier and qualifier as the specified access rule in the Discretionary Access Control List (DACL) associated with this object and then adds the specified access rule.

The access rule to set.

Removes all audit rules that contain the same security identifier and qualifier as the specified audit rule in the System Access Control List (SACL) associated with this object and then adds the specified audit rule.

The audit rule to set.

Represents the access control and audit security for a directory. This class cannot be inherited.

Initializes a new instance of the class.

The current operating system is not Microsoft Windows 2000 or later.

Initializes a new instance of the class from a specified directory using the specified values of the enumeration.

The location of a directory to create a object from. One of the values that specifies the type of access control list (ACL) information to retrieve. The parameter is a zero-length string, contains only white space, or contains one or more invalid characters as defined by . The parameter is . The specified path is invalid, (for example, it is on an unmapped drive). The file specified in the parameter was not found. An I/O error occurred while opening the directory. The parameter is in an invalid format. The current operating system is not Microsoft Windows 2000 or later. The specified path, file name, or both exceed the system-defined maximum length. The current system account does not have administrative privileges. The directory could not be found. The parameter specified a directory that is read-only. -or- This operation is not supported on the current platform. -or- The caller does not have the required permission.

Represents the access control and audit security for a file. This class cannot be inherited.

Initializes a new instance of the class.

The current operating system is not Microsoft Windows 2000 or later.

Initializes a new instance of the class from a specified file using the specified values of the enumeration.

The location of a file to create a object from. One of the values that specifies the type of access control list (ACL) information to retrieve. The parameter is a zero-length string, contains only white space, or contains one or more invalid characters as defined by . The specified path is invalid, (for example, it is on an unmapped drive). The file specified in the parameter was not found. An I/O error occurred while opening the file. is in an invalid format. The parameter is . The current operating system is not Microsoft Windows 2000 or later. The specified path, file name, or both exceed the system-defined maximum length. The current system account does not have administrative privileges. The file could not be found. The parameter specified a file that is read-only. -or- This operation is not supported on the current platform. -or- The parameter specified a directory. -or- The caller does not have the required permission.

Represents an abstraction of an access control entry (ACE) that defines an access rule for a file or directory. This class cannot be inherited.

Initializes a new instance of the class using a reference to a user account, a value that specifies the type of operation associated with the access rule, and a value that specifies whether to allow or deny the operation.

An object that encapsulates a reference to a user account. One of the values that specifies the type of operation associated with the access rule. One of the values that specifies whether to allow or deny the operation. The parameter is not an object. The parameter is . An incorrect enumeration was passed to the parameter.

Initializes a new instance of the class using a reference to a user account, a value that specifies the type of operation associated with the access rule, a value that determines how rights are inherited, a value that determines how rights are propagated, and a value that specifies whether to allow or deny the operation.

An object that encapsulates a reference to a user account. One of the values that specifies the type of operation associated with the access rule. One of the values that specifies how access masks are propagated to child objects. One of the values that specifies how Access Control Entries (ACEs) are propagated to child objects. One of the values that specifies whether to allow or deny the operation. The parameter is not an object. The parameter is . An incorrect enumeration was passed to the parameter. -or- An incorrect enumeration was passed to the parameter. -or- An incorrect enumeration was passed to the parameter.

Initializes a new instance of the class using the name of a user account, a value that specifies the type of operation associated with the access rule, and a value that describes whether to allow or deny the operation.

The name of a user account. One of the values that specifies the type of operation associated with the access rule. One of the values that specifies whether to allow or deny the operation. The parameter is . An incorrect enumeration was passed to the parameter.

Initializes a new instance of the class using the name of a user account, a value that specifies the type of operation associated with the access rule, a value that determines how rights are inherited, a value that determines how rights are propagated, and a value that specifies whether to allow or deny the operation.

The name of a user account. One of the values that specifies the type of operation associated with the access rule. One of the values that specifies how access masks are propagated to child objects. One of the values that specifies how Access Control Entries (ACEs) are propagated to child objects. One of the values that specifies whether to allow or deny the operation. The parameter is . An incorrect enumeration was passed to the parameter. -or- An incorrect enumeration was passed to the parameter. -or- An incorrect enumeration was passed to the parameter.

Gets the flags associated with the current object.

The flags associated with the current object.

Represents an abstraction of an access control entry (ACE) that defines an audit rule for a file or directory. This class cannot be inherited.

Initializes a new instance of the class using a reference to a user account, a value that specifies the type of operation associated with the audit rule, and a value that specifies when to perform auditing.

An object that encapsulates a reference to a user account. One of the values that specifies the type of operation associated with the audit rule. One of the values that specifies when to perform auditing. The parameter is not an object. The parameter is . An incorrect enumeration was passed to the parameter. -or- The value was passed to the parameter.

Initializes a new instance of the class using the name of a reference to a user account, a value that specifies the type of operation associated with the audit rule, a value that determines how rights are inherited, a value that determines how rights are propagated, and a value that specifies when to perform auditing.

An object that encapsulates a reference to a user account. One of the values that specifies the type of operation associated with the audit rule. One of the values that specifies how access masks are propagated to child objects. One of the values that specifies how Access Control Entries (ACEs) are propagated to child objects. One of the values that specifies when to perform auditing. The parameter is not an object. The parameter is . An incorrect enumeration was passed to the parameter. -or- The value was passed to the parameter.

Initializes a new instance of the class using a user account name, a value that specifies the type of operation associated with the audit rule, and a value that specifies when to perform auditing.

The name of a user account. One of the values that specifies the type of operation associated with the audit rule. One of the values that specifies when to perform auditing. An incorrect enumeration was passed to the parameter. -or- The value was passed to the parameter.

Initializes a new instance of the class using the name of a user account, a value that specifies the type of operation associated with the audit rule, a value that determines how rights are inherited, a value that determines how rights are propagated, and a value that specifies when to perform auditing.

The name of a user account. One of the values that specifies the type of operation associated with the audit rule. One of the values that specifies how access masks are propagated to child objects. One of the values that specifies how Access Control Entries (ACEs) are propagated to child objects. One of the values that specifies when to perform auditing.

Gets the flags associated with the current object.

The flags associated with the current object.

Defines the access rights to use when creating access and audit rules.

Specifies the right to append data to the end of a file.

Specifies the right to change the security and audit rules associated with a file or folder.

Specifies the right to create a folder This right requires the Synchronize value.

Specifies the right to create a file. This right requires the Synchronize value.

Specifies the right to delete a folder or file.

Specifies the right to delete a folder and any files contained within that folder.

Specifies the right to run an application file.

Specifies the right to exert full control over a folder or file, and to modify access control and audit rules. This value represents the right to do anything with a file and is the combination of all rights in this enumeration.

Specifies the right to read the contents of a directory.

Specifies the right to read, write, list folder contents, delete folders and files, and run application files. This right includes the right, the right, and the right.

Specifies the right to open and copy folders or files as read-only. This right includes the right, right, right, and right.

Specifies the right to open and copy folders or files as read-only, and to run application files. This right includes the right and the right.

Specifies the right to open and copy file system attributes from a folder or file. For example, this value specifies the right to view the file creation or modified date. This does not include the right to read data, extended file system attributes, or access and audit rules.

Specifies the right to open and copy a file or folder. This does not include the right to read file system attributes, extended file system attributes, or access and audit rules.

Specifies the right to open and copy extended file system attributes from a folder or file. For example, this value specifies the right to view author and content information. This does not include the right to read data, file system attributes, or access and audit rules.

Specifies the right to open and copy access and audit rules from a folder or file. This does not include the right to read data, file system attributes, and extended file system attributes.

Specifies whether the application can wait for a file handle to synchronize with the completion of an I/O operation. This value is automatically set when allowing access and automatically excluded when denying access.

Specifies the right to change the owner of a folder or file. Note that owners of a resource have full access to that resource.

Specifies the right to list the contents of a folder and to run applications contained within that folder.

Specifies the right to create folders and files, and to add or remove data from files. This right includes the right, right, right, and right.

Specifies the right to open and write file system attributes to a folder or file. This does not include the ability to write data, extended attributes, or access and audit rules.

Specifies the right to open and write to a file or folder. This does not include the right to open and write file system attributes, extended file system attributes, or access and audit rules.

Specifies the right to open and write extended file system attributes to a folder or file. This does not include the ability to write data, attributes, or access and audit rules.

Represents the access control and audit security for a file or directory.

Initializes a new instance of the class that represents a new access control rule for the specified user, with the specified access rights, access control, and flags.

An object that represents a user account. An integer that specifies an access type. if the access rule is inherited; otherwise, . One of the values that specifies how to propagate access masks to child objects. One of the values that specifies how to propagate Access Control Entries (ACEs) to child objects. One of the values that specifies whether access is allowed or denied. The , , , or parameters specify an invalid value. The parameter is . -or- The parameter is zero. The parameter is neither of type , nor of a type such as that can be converted to type . A new object that represents a new access control rule for the specified user, with the specified access rights, access control, and flags.

Adds the specified access control list (ACL) permission to the current file or directory.

A object that represents an access control list (ACL) permission to add to a file or directory. The parameter is .

Adds the specified audit rule to the current file or directory.

A object that represents an audit rule to add to a file or directory. The parameter is .

Initializes a new instance of the class representing the specified audit rule for the specified user.

An object that represents a user account. An integer that specifies an access type. if the access rule is inherited; otherwise, . One of the values that specifies how to propagate access masks to child objects. One of the values that specifies how to propagate Access Control Entries (ACEs) to child objects. One of the values that specifies the type of auditing to perform. The , , , or properties specify an invalid value. The property is . -or- The property is zero. The property is neither of type , nor of a type such as that can be converted to type . A new object representing the specified audit rule for the specified user.

Removes all matching allow or deny access control list (ACL) permissions from the current file or directory.

A object that represents an access control list (ACL) permission to remove from a file or directory. The parameter is . if the access rule was removed; otherwise, .

Removes all access control list (ACL) permissions for the specified user from the current file or directory.

A object that specifies a user whose access control list (ACL) permissions should be removed from a file or directory. The parameter is .

Removes a single matching allow or deny access control list (ACL) permission from the current file or directory.

A object that specifies a user whose access control list (ACL) permissions should be removed from a file or directory. The parameter is .

Removes all matching allow or deny audit rules from the current file or directory.

A object that represents an audit rule to remove from a file or directory. The parameter is . if the audit rule was removed; otherwise,

Removes all audit rules for the specified user from the current file or directory.

A object that specifies a user whose audit rules should be removed from a file or directory. The parameter is .

Removes a single matching allow or deny audit rule from the current file or directory.

A object that represents an audit rule to remove from a file or directory. The parameter is .

Adds the specified access control list (ACL) permission to the current file or directory and removes all matching ACL permissions.

A object that represents an access control list (ACL) permission to add to a file or directory. The parameter is .

Sets the specified access control list (ACL) permission for the current file or directory.

A object that represents an access control list (ACL) permission to set for a file or directory. The parameter is .

Sets the specified audit rule for the current file or directory.

A object that represents an audit rule to set for a file or directory. The parameter is .

Gets the enumeration that the class uses to represent access rights.

A object representing the enumeration.

Gets the enumeration that the class uses to represent access rules.

A object representing the class.

Gets the type that the class uses to represent audit rules.

A object representing the class.