我在文件夹权限方面遇到了一些困难。
我基本上想将 AD 组添加到具有修改访问权限的文件夹,但然后限制它。
问题是我不知道如何申请许可 “仅限此文件夹”
目标是为主文件夹设置以下限制:
我找到了 AccessRule 类,但找不到有关如何使用 C# 执行此操作的任何详细信息
有人知道该怎么做吗?
我找到了解决办法。 这是代码和信息:
//set params for all access sets
AccessControlType DenyAccess = AccessControlType.Deny;
AccessControlType AllowAccess = AccessControlType.Allow;
InheritanceFlags inheritFlag = InheritanceFlags.None;
InheritanceFlags inheritFlag2 = InheritanceFlags.ContainerInherit;
InheritanceFlags inheritFlag3 = InheritanceFlags.ObjectInherit;
PropagationFlags propagationFlags = PropagationFlags.None;
FileSystemRights access = FileSystemRights.ChangePermissions;
FileSystemRights access2 = FileSystemRights.Delete;
FileSystemRights access3 = FileSystemRights.TakeOwnership;
FileSystemRights access4 = FileSystemRights.DeleteSubdirectoriesAndFiles;
FileSystemRights ReadAccess = FileSystemRights.ReadAndExecute;
FileSystemRights ModifyAccess = FileSystemRights.Modify;
DirectoryInfo info = new DirectoryInfo(strPath);
DirectorySecurity security = info.GetAccessControl();
//set read right for group
NTAccount GroupRead = new NTAccount(StrDomain, strGroupRead);
security.AddAccessRule(new FileSystemAccessRule(GroupRead, ReadAccess, inheritFlag2, propagationFlags, AllowAccess));
security.AddAccessRule(new FileSystemAccessRule(GroupRead, ReadAccess, inheritFlag3, propagationFlags, AllowAccess));
//set Modify right for group
NTAccount GroupModify = new NTAccount(StrDomain, strGoupModify);
security.AddAccessRule(new FileSystemAccessRule(GroupModify, ModifyAccess, inheritFlag2, propagationFlags, AllowAccess));
security.AddAccessRule(new FileSystemAccessRule(GroupModify, ModifyAccess, inheritFlag3, propagationFlags, AllowAccess));
//set special right group
security.AddAccessRule(new FileSystemAccessRule(groupModify, access, inheritFlag, propagationFlags, DenyAccess)); //ChangePermission
security.AddAccessRule(new FileSystemAccessRule(groupModify, access2, inheritFlag, propagationFlags, DenyAccess)); //Delete
security.AddAccessRule(new FileSystemAccessRule(groupModify, access3, inheritFlag, propagationFlags, DenyAccess)); //Ownership
security.AddAccessRule(new FileSystemAccessRule(groupModify, access4, inheritFlag, propagationFlags, DenyAccess)); //Delete subfiles and folders
//add rights to folder
info.SetAccessControl(security);
这为您提供了一个带有读取和修改组的文件夹,修改组无法删除主文件夹,并且成员也无法获得该文件夹的所有权,也无法更改其权限。
干杯
您可能想改进您发布的问题,以便将来查看该问题的人能够更好地了解您的问题以及您迄今为止所尝试的内容。