locked
Create a folder with permissions set to This Folder, subfolders RRS feed

  • Question

  • Basically my app creates 4 folders that gives a specific user certain permissions.

    I can create the folder find, and i can give the user the correct permissions, but by defaulse it has Apply To set to this folder only, so if the user creates a folder, they wont have permissions to access it.

    I want to give it permissions that Apply to: This folder, subfolders, and files.

    I have spent hours upon hours trying different things, and trying to find the answer anywhere. Any help is greatly appreciated.

    Here is my code to create the folders:

    string mailDataPath = "E:\\Data\\MailData\\" + logonName;

    string userDataPath = "E:\\Data\\UserData\\" + logonName;

    string userProfilePath = "E:\\Data\\UserProfile\\" + logonName;

    string userSharedPath = "E:\\Data\\UserShared\\" + logonName;

    path[0] = mailDataPath;

    path[1] = userDataPath;

    path[2] = userProfilePath;

    path[3] = userSharedPath;

    //If folders do not exists, create them.

    for (int x = 0; x < pathAmount; x++)

    {

    if (!Directory.Exists(path[x]))

    {

    Directory.CreateDirectory(path[x]);

    }

    //Sets folder permissions dependant on which folder it is

    if (path[x] != userProfilePath)

    {

    DirectoryInfo info = new DirectoryInfo(path[x]);

    DirectorySecurity security = info.GetAccessControl();

    security.AddAccessRule(new FileSystemAccessRule(logonName, FileSystemRights.Modify, AccessControlType.Allow));

    info.SetAccessControl(security);

    }

    else if (path[x] == userProfilePath)

    {

    DirectoryInfo info = new DirectoryInfo(path[x]);

    DirectorySecurity security = info.GetAccessControl();

    security.AddAccessRule(new FileSystemAccessRule(logonName, FileSystemRights.FullControl, AccessControlType.Allow));

    info.SetAccessControl(security);

    }

    Friday, August 25, 2006 8:33 PM

Answers

  • Figured it out. It wasn't as difficult as i made it out to be.

    I just need to use 2 access rules

    DirectoryInfo info = new DirectoryInfo(path[x]);

    DirectorySecurity security = info.GetAccessControl();

    security.AddAccessRule(new FileSystemAccessRule(logonName, FileSystemRights.Modify, InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow));

    security.AddAccessRule(new FileSystemAccessRule(logonName, FileSystemRights.Modify, InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));

    info.SetAccessControl(security);

     

    this is the code for the setting of the permissions.

    had to play around with it a bunch to get the correct inheritance.

    Monday, August 28, 2006 8:22 PM

All replies

  • I think it should apply those permission on the root folder instead of specifying it in each folder. The permissions are inherited from the parent.

    As for this, I don't follow:

    so if the user creates a folder, they wont have permissions to access it.

    but they do have permission to access it since they created it and are the owner of that folder. Sorry, if I am misunderstanding (which I believe I am), please can you rephrase this?

    Thanks!

    Saturday, August 26, 2006 3:12 AM
  •  ahmedilyas wrote:

    1. I think it should apply those permission on the root folder instead of specifying it in each folder. The permissions are inherited from the parent.

    As for this, I don't follow:

    so if the user creates a folder, they wont have permissions to access it.

    2. but they do have permission to access it since they created it and are the owner of that folder. Sorry, if I am misunderstanding (which I believe I am), please can you rephrase this?

    Thanks!

    1. The problem with doing this to the root folder is that it is a folder that holds user information(there are four of them). For example one folder holds user profiles. I dont want to give everyone access to it, but rather just the user, and then the inherited groups from the root.

    2. The user isnt creating the folder, the web application is creating it for the user, and it is supposed to set the correct permissions for the user to access it.

    Any thoughts?

    Monday, August 28, 2006 2:42 PM
  • Figured it out. It wasn't as difficult as i made it out to be.

    I just need to use 2 access rules

    DirectoryInfo info = new DirectoryInfo(path[x]);

    DirectorySecurity security = info.GetAccessControl();

    security.AddAccessRule(new FileSystemAccessRule(logonName, FileSystemRights.Modify, InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow));

    security.AddAccessRule(new FileSystemAccessRule(logonName, FileSystemRights.Modify, InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));

    info.SetAccessControl(security);

     

    this is the code for the setting of the permissions.

    had to play around with it a bunch to get the correct inheritance.

    Monday, August 28, 2006 8:22 PM
  • You are the MAN I spent hours looking for it and I was using ActiveDS but this is much easier

     

    Thursday, February 8, 2007 9:35 PM
  • thank you, this saved my day!
    Wednesday, February 14, 2007 11:21 AM
  • Your solution was exactly what I was looking for.  I'd like to suggest one improvement.  You're adding two different access rules, and the only difference is that you're adding two different InheritanceFlags.  If I'm not mistaken, you can write the two statements as one by using the pipe symbol (|):

     

    security.AddAccessRule(new FileSystemAccessRule(logonName, FileSystemRights.Modify, InheritanceFlags.ContainerInherit|InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));

     

    You can also use the pipe symbol to combine multiple kinds of FileSystemRights.  This prevents you from duplicating code unnecessarily.  Thanks!

    Tuesday, July 3, 2007 3:40 PM
  • Thanks for your suggestion, I never knew you could do that with the pipe symbol, will definatly come in handy in the future.
    Tuesday, July 3, 2007 5:08 PM
  • Figured it out. It wasn't as difficult as i made it out to be.

    I just need to use 2 access rules

    DirectoryInfo info = new DirectoryInfo(path[x]);

    DirectorySecurity security = info.GetAccessControl();

    security.AddAccessRule(new FileSystemAccessRule(logonName, FileSystemRights.Modify, InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow));

    security.AddAccessRule(new FileSystemAccessRule(logonName, FileSystemRights.Modify, InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));

    info.SetAccessControl(security);

     

    this is the code for the setting of the permissions.

    had to play around with it a bunch to get the correct inheritance.

    Im sorry i dont realy understand. Where do i put this code? Is there a guide for were to put this? Thanks for your help! :)
    Thursday, November 15, 2012 7:31 PM
  • It's good and work fine. thanks.
    Tuesday, December 30, 2014 3:30 PM
  • what is logonName name ??
    Friday, March 9, 2018 5:06 AM