我在文件夹权限方面有点挣扎。
我想基本上将 AD 组添加到具有修改访问权限的文件夹中,然后对其进行限制。
问题是我不知道如何申请权限 “仅此文件夹”
目标是对主文件夹设置以下限制:
我找到了 AccessRule 类,但找不到有关如何使用 C# 执行此操作的任何详细信息
有人知道怎么做吗?
答案 0 :(得分:0)
我找到了解决方案。 这是代码和信息:
//set params for all access sets
AccessControlType DenyAccess = AccessControlType.Deny;
AccessControlType AllowAccess = AccessControlType.Allow;
InheritanceFlags inheritFlag = InheritanceFlags.None;
InheritanceFlags inheritFlag2 = InheritanceFlags.ContainerInherit;
InheritanceFlags inheritFlag3 = InheritanceFlags.ObjectInherit;
PropagationFlags propagationFlags = PropagationFlags.None;
FileSystemRights access = FileSystemRights.ChangePermissions;
FileSystemRights access2 = FileSystemRights.Delete;
FileSystemRights access3 = FileSystemRights.TakeOwnership;
FileSystemRights access4 = FileSystemRights.DeleteSubdirectoriesAndFiles;
FileSystemRights ReadAccess = FileSystemRights.ReadAndExecute;
FileSystemRights ModifyAccess = FileSystemRights.Modify;
DirectoryInfo info = new DirectoryInfo(strPath);
DirectorySecurity security = info.GetAccessControl();
//set read right for group
NTAccount GroupRead = new NTAccount(StrDomain, strGroupRead);
security.AddAccessRule(new FileSystemAccessRule(GroupRead, ReadAccess, inheritFlag2, propagationFlags, AllowAccess));
security.AddAccessRule(new FileSystemAccessRule(GroupRead, ReadAccess, inheritFlag3, propagationFlags, AllowAccess));
//set Modify right for group
NTAccount GroupModify = new NTAccount(StrDomain, strGoupModify);
security.AddAccessRule(new FileSystemAccessRule(GroupModify, ModifyAccess, inheritFlag2, propagationFlags, AllowAccess));
security.AddAccessRule(new FileSystemAccessRule(GroupModify, ModifyAccess, inheritFlag3, propagationFlags, AllowAccess));
//set special right group
security.AddAccessRule(new FileSystemAccessRule(groupModify, access, inheritFlag, propagationFlags, DenyAccess)); //ChangePermission
security.AddAccessRule(new FileSystemAccessRule(groupModify, access2, inheritFlag, propagationFlags, DenyAccess)); //Delete
security.AddAccessRule(new FileSystemAccessRule(groupModify, access3, inheritFlag, propagationFlags, DenyAccess)); //Ownership
security.AddAccessRule(new FileSystemAccessRule(groupModify, access4, inheritFlag, propagationFlags, DenyAccess)); //Delete subfiles and folders
//add rights to folder
info.SetAccessControl(security);
这为您提供了一个包含读取和修改组的文件夹,修改组不能删除主文件夹,成员也不能对其拥有所有权或更改其权限。
干杯