Solved

vb.net adding permissions to a folder for multiple users? help me with this code please

Posted on 2013-01-10
6
1,192 Views
Last Modified: 2013-01-10
This procedure works great for adding ONE user to a folder but if I run it for multiple times (one for each user) it overwrites the security of the whole folder. Is there a way to just append the rights without overwriting everything?


Imports System.Security.AccessControl

    Friend Enum DirectoryPermission
        Full
        Modify
        AllExceptModifyAndFull
        AllExceptFull
        ReadAndExecute
        ListContents
        Read
        Write
        Custom
        None
    End Enum

Private Sub SetDirectoryPermissions(ByVal Directory As String, ByVal Permissions As DirectoryPermission, Optional ByVal Domain As String = Nothing, Optional ByVal User As String = Nothing, Optional ByVal Custom As Long = 0)
        ' Get the ACL for the directory just created
        Dim oACL As Security.AccessControl.DirectorySecurity = IO.Directory.GetAccessControl(IO.Path.GetDirectoryName(Directory), Security.AccessControl.AccessControlSections.Access)
        Dim lRights As Long = 0
        Dim lInheritance As Long


        'Dim oUserSid As Security.Principal.SecurityIdentifier
        'If Not IsNothing(Domain) AndAlso Not IsNothing(User) Then
        '    oUserSid = New Security.Principal.NTAccount(Domain, User).Translate(GetType(Security.Principal.SecurityIdentifier))
        'ElseIf Not IsNothing(User) Then
        '    oUserSid = New Security.Principal.NTAccount(User).Translate(GetType(Security.Principal.SecurityIdentifier))
        'Else
        '    ' Create a security Identifier for the BUILTIN\Users group to be passed to the new access rule
        '    oUserSid = New Security.Principal.SecurityIdentifier(Security.Principal.WellKnownSidType.BuiltinUsersSid, Nothing)
        'End If


        Dim oUserSid As Security.Principal.SecurityIdentifier
        Try
            oUserSid = New Security.Principal.NTAccount(Domain, User).Translate(GetType(Security.Principal.SecurityIdentifier))
        Catch
            frmDebug.Message(vbCrLf & "**** Unable to find user! ****" & vbCrLf)
            Exit Sub
        End Try



        Select Case Permissions
            Case DirectoryPermission.Full
                lRights = Security.AccessControl.FileSystemRights.FullControl
                lInheritance = Security.AccessControl.InheritanceFlags.ContainerInherit Or Security.AccessControl.InheritanceFlags.ObjectInherit
            Case DirectoryPermission.Modify
                lRights = Security.AccessControl.FileSystemRights.Modify Or Security.AccessControl.FileSystemRights.Synchronize
                lInheritance = Security.AccessControl.InheritanceFlags.ContainerInherit Or Security.AccessControl.InheritanceFlags.ObjectInherit
            Case DirectoryPermission.ReadAndExecute
                lRights = Security.AccessControl.FileSystemRights.ReadAndExecute Or Security.AccessControl.FileSystemRights.Synchronize
                lInheritance = Security.AccessControl.InheritanceFlags.ContainerInherit Or Security.AccessControl.InheritanceFlags.ObjectInherit
            Case DirectoryPermission.AllExceptModifyAndFull
                lRights = Security.AccessControl.FileSystemRights.Write Or Security.AccessControl.FileSystemRights.ReadAndExecute Or Security.AccessControl.FileSystemRights.Synchronize
                lInheritance = Security.AccessControl.InheritanceFlags.ContainerInherit Or Security.AccessControl.InheritanceFlags.ObjectInherit
            Case DirectoryPermission.AllExceptFull
                lRights = Security.AccessControl.FileSystemRights.Write Or Security.AccessControl.FileSystemRights.ReadAndExecute Or Security.AccessControl.FileSystemRights.Modify Or Security.AccessControl.FileSystemRights.Synchronize
                lInheritance = Security.AccessControl.InheritanceFlags.ContainerInherit Or Security.AccessControl.InheritanceFlags.ObjectInherit
            Case DirectoryPermission.ListContents
                lRights = Security.AccessControl.FileSystemRights.ReadAndExecute Or Security.AccessControl.FileSystemRights.Synchronize
                lInheritance = Security.AccessControl.InheritanceFlags.ContainerInherit
            Case DirectoryPermission.Read
                lRights = Security.AccessControl.FileSystemRights.Read Or Security.AccessControl.FileSystemRights.Synchronize
                lInheritance = Security.AccessControl.InheritanceFlags.ContainerInherit Or Security.AccessControl.InheritanceFlags.ObjectInherit
            Case DirectoryPermission.Write
                lRights = Security.AccessControl.FileSystemRights.Write Or Security.AccessControl.FileSystemRights.Synchronize
                lInheritance = Security.AccessControl.InheritanceFlags.ContainerInherit Or Security.AccessControl.InheritanceFlags.ObjectInherit
            Case DirectoryPermission.Custom
                lRights = Custom
                lInheritance = Security.AccessControl.InheritanceFlags.ContainerInherit Or Security.AccessControl.InheritanceFlags.ObjectInherit
            Case DirectoryPermission.None
                lRights = 0
                lInheritance = 0
        End Select

        ' Create the rule that needs to be added to the ACL
        Dim oRule As New Security.AccessControl.FileSystemAccessRule(oUserSid,
                                                                     lRights,
                                                                     lInheritance,
                                                                     Security.AccessControl.PropagationFlags.None,
                                                                     Security.AccessControl.AccessControlType.Allow)

        ' Add the new rule to our ACL
        oACL.AddAccessRule(oRule)
       



        ' Update the directory to include the new rules created
        System.IO.Directory.SetAccessControl(Directory, oACL)





    End Sub
0
Comment
Question by:WTarlton
  • 3
  • 2
6 Comments
 
LVL 83

Expert Comment

by:CodeCruiser
ID: 38763463
What happens if you change this

Dim oACL As Security.AccessControl.DirectorySecurity = IO.Directory.GetAccessControl(IO.Path.GetDirectoryName(Directory), Security.AccessControl.AccessControlSections.Access)

to

Dim oACL As Security.AccessControl.DirectorySecurity = IO.Directory.GetAccessControl(IO.Path.GetDirectoryName(Directory))

?
0
 
LVL 42

Accepted Solution

by:
sedgwick earned 500 total points
ID: 38763489
try the following function:
    Private Sub SetPermission(username As String, folder As String, fsRights As FileSystemRights)
        Dim di As DirectoryInfo = New DirectoryInfo(folder)
        Dim ds As DirectorySecurity = di.GetAccessControl()
        ds.AddAccessRule(New FileSystemAccessRule(username, fsRights, InheritanceFlags.ContainerInherit & InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow))
        di.SetAccessControl(ds)
    End Sub

Open in new window

0
 

Author Comment

by:WTarlton
ID: 38763494
Thanks for trying to help. Same behavior made no difference.
0
Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

 
LVL 42

Expert Comment

by:sedgwick
ID: 38763500
example usage:

  SetPermission(Environment.MachineName & "\ASPNET", "c:\shared", FileSystemRights.Read & FileSystemRights.Write)

Open in new window

0
 

Author Comment

by:WTarlton
ID: 38763541
sedgwick,

That worked and was able to add multiple users. I had to change the InheritanceFlags.ContainerInherit & InheritanceFlags.ObjectInherit to InheritanceFlags.None because it threw an error.

One problem with this method however is that it is adding the rights as "Special Permissions" which I don't want.
0
 

Author Comment

by:WTarlton
ID: 38763558
Got it fixed! This is your code with the changes

 Private Sub SetPermission(username As String, folder As String, fsRights As FileSystemRights)
        Dim di As DirectoryInfo = New DirectoryInfo(folder)
        Dim ds As DirectorySecurity = di.GetAccessControl()
        ds.AddAccessRule(New FileSystemAccessRule(username, fsRights, Security.AccessControl.InheritanceFlags.ContainerInherit Or Security.AccessControl.InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow))
        di.SetAccessControl(ds)
    End Sub
0

Featured Post

Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
reading excel file in .net 2 32
VB.NET - How to add, update and delete values directly to a SQL Database table 2 32
vb.net convert long time to mm:ss 23 22
c#, case, if 4 19
Creating an analog clock UserControl seems fairly straight forward.  It is, after all, essentially just a circle with several lines in it!  Two common approaches for rendering an analog clock typically involve either manually calculating points with…
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question