当前位置:   article > 正文

权限设置相关,利用Microsoft.Win32.Security

microsoft.win32.security.windowsuser

DACL DACL(Discretionary Access Control List)
This is a list that controls who can do what with your server objects. An administrator can use DCOMCNFG to configure the DACL.


DACL 类型编辑本段两种类型的ACL:自由决定的(DACL)和系统的


(SACL)。DACL管制对象访问,SACL管制审核。




 1 public   static  Boolean SetDirPermission(String strSitePath, String strUserName, ref   string  ErrorMsg) 
 2          {
 3
 4            Boolean bOk;
 5
 6            try 
 7            {
 8
 9                   // Directory.CreateDirectory(strSitePath);
10
11                SecurityDescriptor secDesc = SecurityDescriptor.GetFileSecurity(strSitePath, 
12
13SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);
14
15                Dacl dacl = secDesc.Dacl;
16
17                Sid sidUser = new Sid (strUserName);
18
19 
20
21                // allow: folder, subfolder and files
22
23                // modify
24
25                dacl.AddAce (new AceAccessAllowed (sidUser, AccessType.GENERIC_ALL | AccessType.GENERIC_WRITE | 
26
27AccessType.GENERIC_READ | AccessType.DELETE | AccessType.GENERIC_EXECUTE , AceFlags.OBJECT_INHERIT_ACE | 
28
29AceFlags.CONTAINER_INHERIT_ACE));
30              
31
32                // deny: this folder
33
34                // write attribs
35
36                // write extended attribs
37
38                // delete
39
40                // change permissions
41
42                // take ownership
43//
44//                DirectoryAccessType DAType = DirectoryAccessType.DELETE | DirectoryAccessType.WRITE_OWNER | 
45
46DirectoryAccessType.WRITE_DAC;
47//
48//                AccessType AType = (AccessType)DAType;
49//
50//                dacl.AddAce (new AceAccessDenied (sidUser, AType));
51
52 
53
54                secDesc.SetDacl(dacl);
55
56                secDesc.SetFileSecurity(strSitePath, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);
57
58                bOk = true;
59
60            }
 
61            catch (Exception ee)
62            {
63
64                ErrorMsg=ee.Message;
65                bOk=false;
66
67            }

68
69            return bOk;
70
71        }


SECURITY_INFORMATION

The SECURITY_INFORMATION type identifies the object-related security information being set or queried. This security information includes:

  • The owner of an object
  • The primary group of an object
  • The discretionary access control list (DACL) of an object
  • The system access control list (SACL) of an object
typedef DWORD SECURITY_INFORMATION, *PSECURITY_INFORMATION;
Remarks

Windows 2000: New SECURITY_INFORMATION members only work with the SetNamedSecurityInfo function. These new members are not returned in the structure returned by other security functions such as GetNamedSecurityInfo or ConvertStringSecurityDescriptorToSecurityDescriptor.

Each item of security information is designated by a bit flag. The following values specify the bits.

ValueMeaning
DACL_SECURITY_INFORMATIONIndicates the DACL of the object is being referenced.
GROUP_SECURITY_INFORMATIONIndicates the primary group identifier of the object is being referenced.
OWNER_SECURITY_INFORMATIONIndicates the owner identifier of the object is being referenced.
PROTECTED_DACL_SECURITY_INFORMATIONWindows 2000/XP: Indicates the DACL cannot inherit ACEs.
PROTECTED_SACL_SECURITY_INFORMATIONWindows 2000/XP: Indicates the SACL cannot inherit ACEs.
SACL_SECURITY_INFORMATIONIndicates the SACL of the object is being referenced.
UNPROTECTED_DACL_SECURITY_INFORMATIONWindows 2000/XP: Indicates the DACL inherits ACEs from the parent object.
UNPROTECTED_SACL_SECURITY_INFORMATIONWindows 2000/XP: Indicates the SACL inherits ACEs from the parent object.

转载于:https://www.cnblogs.com/bluesky4485/archive/2008/03/06/1093544.html

声明:本文内容由网友自发贡献,转载请注明出处:【wpsshop】
推荐阅读
相关标签
  

闽ICP备14008679号