• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1341
  • Last Modified:

vb.net adding permissions to a folder for multiple users? help me with this code please

This procedure works great for adding ONE user to a folder but if I run it for multiple times (one for each user) it overwrites the security of the whole folder. Is there a way to just append the rights without overwriting everything?


Imports System.Security.AccessControl

    Friend Enum DirectoryPermission
        Full
        Modify
        AllExceptModifyAndFull
        AllExceptFull
        ReadAndExecute
        ListContents
        Read
        Write
        Custom
        None
    End Enum

Private Sub SetDirectoryPermissions(ByVal Directory As String, ByVal Permissions As DirectoryPermission, Optional ByVal Domain As String = Nothing, Optional ByVal User As String = Nothing, Optional ByVal Custom As Long = 0)
        ' Get the ACL for the directory just created
        Dim oACL As Security.AccessControl.DirectorySecurity = IO.Directory.GetAccessControl(IO.Path.GetDirectoryName(Directory), Security.AccessControl.AccessControlSections.Access)
        Dim lRights As Long = 0
        Dim lInheritance As Long


        'Dim oUserSid As Security.Principal.SecurityIdentifier
        'If Not IsNothing(Domain) AndAlso Not IsNothing(User) Then
        '    oUserSid = New Security.Principal.NTAccount(Domain, User).Translate(GetType(Security.Principal.SecurityIdentifier))
        'ElseIf Not IsNothing(User) Then
        '    oUserSid = New Security.Principal.NTAccount(User).Translate(GetType(Security.Principal.SecurityIdentifier))
        'Else
        '    ' Create a security Identifier for the BUILTIN\Users group to be passed to the new access rule
        '    oUserSid = New Security.Principal.SecurityIdentifier(Security.Principal.WellKnownSidType.BuiltinUsersSid, Nothing)
        'End If


        Dim oUserSid As Security.Principal.SecurityIdentifier
        Try
            oUserSid = New Security.Principal.NTAccount(Domain, User).Translate(GetType(Security.Principal.SecurityIdentifier))
        Catch
            frmDebug.Message(vbCrLf & "**** Unable to find user! ****" & vbCrLf)
            Exit Sub
        End Try



        Select Case Permissions
            Case DirectoryPermission.Full
                lRights = Security.AccessControl.FileSystemRights.FullControl
                lInheritance = Security.AccessControl.InheritanceFlags.ContainerInherit Or Security.AccessControl.InheritanceFlags.ObjectInherit
            Case DirectoryPermission.Modify
                lRights = Security.AccessControl.FileSystemRights.Modify Or Security.AccessControl.FileSystemRights.Synchronize
                lInheritance = Security.AccessControl.InheritanceFlags.ContainerInherit Or Security.AccessControl.InheritanceFlags.ObjectInherit
            Case DirectoryPermission.ReadAndExecute
                lRights = Security.AccessControl.FileSystemRights.ReadAndExecute Or Security.AccessControl.FileSystemRights.Synchronize
                lInheritance = Security.AccessControl.InheritanceFlags.ContainerInherit Or Security.AccessControl.InheritanceFlags.ObjectInherit
            Case DirectoryPermission.AllExceptModifyAndFull
                lRights = Security.AccessControl.FileSystemRights.Write Or Security.AccessControl.FileSystemRights.ReadAndExecute Or Security.AccessControl.FileSystemRights.Synchronize
                lInheritance = Security.AccessControl.InheritanceFlags.ContainerInherit Or Security.AccessControl.InheritanceFlags.ObjectInherit
            Case DirectoryPermission.AllExceptFull
                lRights = Security.AccessControl.FileSystemRights.Write Or Security.AccessControl.FileSystemRights.ReadAndExecute Or Security.AccessControl.FileSystemRights.Modify Or Security.AccessControl.FileSystemRights.Synchronize
                lInheritance = Security.AccessControl.InheritanceFlags.ContainerInherit Or Security.AccessControl.InheritanceFlags.ObjectInherit
            Case DirectoryPermission.ListContents
                lRights = Security.AccessControl.FileSystemRights.ReadAndExecute Or Security.AccessControl.FileSystemRights.Synchronize
                lInheritance = Security.AccessControl.InheritanceFlags.ContainerInherit
            Case DirectoryPermission.Read
                lRights = Security.AccessControl.FileSystemRights.Read Or Security.AccessControl.FileSystemRights.Synchronize
                lInheritance = Security.AccessControl.InheritanceFlags.ContainerInherit Or Security.AccessControl.InheritanceFlags.ObjectInherit
            Case DirectoryPermission.Write
                lRights = Security.AccessControl.FileSystemRights.Write Or Security.AccessControl.FileSystemRights.Synchronize
                lInheritance = Security.AccessControl.InheritanceFlags.ContainerInherit Or Security.AccessControl.InheritanceFlags.ObjectInherit
            Case DirectoryPermission.Custom
                lRights = Custom
                lInheritance = Security.AccessControl.InheritanceFlags.ContainerInherit Or Security.AccessControl.InheritanceFlags.ObjectInherit
            Case DirectoryPermission.None
                lRights = 0
                lInheritance = 0
        End Select

        ' Create the rule that needs to be added to the ACL
        Dim oRule As New Security.AccessControl.FileSystemAccessRule(oUserSid,
                                                                     lRights,
                                                                     lInheritance,
                                                                     Security.AccessControl.PropagationFlags.None,
                                                                     Security.AccessControl.AccessControlType.Allow)

        ' Add the new rule to our ACL
        oACL.AddAccessRule(oRule)
       



        ' Update the directory to include the new rules created
        System.IO.Directory.SetAccessControl(Directory, oACL)





    End Sub
0
WTarlton
Asked:
WTarlton
  • 3
  • 2
1 Solution
 
CodeCruiserCommented:
What happens if you change this

Dim oACL As Security.AccessControl.DirectorySecurity = IO.Directory.GetAccessControl(IO.Path.GetDirectoryName(Directory), Security.AccessControl.AccessControlSections.Access)

to

Dim oACL As Security.AccessControl.DirectorySecurity = IO.Directory.GetAccessControl(IO.Path.GetDirectoryName(Directory))

?
0
 
Meir RivkinFull stack Software EngineerCommented:
try the following function:
    Private Sub SetPermission(username As String, folder As String, fsRights As FileSystemRights)
        Dim di As DirectoryInfo = New DirectoryInfo(folder)
        Dim ds As DirectorySecurity = di.GetAccessControl()
        ds.AddAccessRule(New FileSystemAccessRule(username, fsRights, InheritanceFlags.ContainerInherit & InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow))
        di.SetAccessControl(ds)
    End Sub

Open in new window

0
 
WTarltonAuthor Commented:
Thanks for trying to help. Same behavior made no difference.
0
Transaction-level recovery for Oracle database

Veeam Explore for Oracle delivers low RTOs and RPOs with agentless transaction log backup and transaction-level recovery of Oracle databases. You can restore the database to a precise point in time, even to a specific transaction.

 
Meir RivkinFull stack Software EngineerCommented:
example usage:

  SetPermission(Environment.MachineName & "\ASPNET", "c:\shared", FileSystemRights.Read & FileSystemRights.Write)

Open in new window

0
 
WTarltonAuthor Commented:
sedgwick,

That worked and was able to add multiple users. I had to change the InheritanceFlags.ContainerInherit & InheritanceFlags.ObjectInherit to InheritanceFlags.None because it threw an error.

One problem with this method however is that it is adding the rights as "Special Permissions" which I don't want.
0
 
WTarltonAuthor Commented:
Got it fixed! This is your code with the changes

 Private Sub SetPermission(username As String, folder As String, fsRights As FileSystemRights)
        Dim di As DirectoryInfo = New DirectoryInfo(folder)
        Dim ds As DirectorySecurity = di.GetAccessControl()
        ds.AddAccessRule(New FileSystemAccessRule(username, fsRights, Security.AccessControl.InheritanceFlags.ContainerInherit Or Security.AccessControl.InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow))
        di.SetAccessControl(ds)
    End Sub
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now