Solved

vb.net adding permissions to a folder for multiple users? help me with this code please

Posted on 2013-01-10
6
1,097 Views
Last Modified: 2013-01-10
This procedure works great for adding ONE user to a folder but if I run it for multiple times (one for each user) it overwrites the security of the whole folder. Is there a way to just append the rights without overwriting everything?


Imports System.Security.AccessControl

    Friend Enum DirectoryPermission
        Full
        Modify
        AllExceptModifyAndFull
        AllExceptFull
        ReadAndExecute
        ListContents
        Read
        Write
        Custom
        None
    End Enum

Private Sub SetDirectoryPermissions(ByVal Directory As String, ByVal Permissions As DirectoryPermission, Optional ByVal Domain As String = Nothing, Optional ByVal User As String = Nothing, Optional ByVal Custom As Long = 0)
        ' Get the ACL for the directory just created
        Dim oACL As Security.AccessControl.DirectorySecurity = IO.Directory.GetAccessControl(IO.Path.GetDirectoryName(Directory), Security.AccessControl.AccessControlSections.Access)
        Dim lRights As Long = 0
        Dim lInheritance As Long


        'Dim oUserSid As Security.Principal.SecurityIdentifier
        'If Not IsNothing(Domain) AndAlso Not IsNothing(User) Then
        '    oUserSid = New Security.Principal.NTAccount(Domain, User).Translate(GetType(Security.Principal.SecurityIdentifier))
        'ElseIf Not IsNothing(User) Then
        '    oUserSid = New Security.Principal.NTAccount(User).Translate(GetType(Security.Principal.SecurityIdentifier))
        'Else
        '    ' Create a security Identifier for the BUILTIN\Users group to be passed to the new access rule
        '    oUserSid = New Security.Principal.SecurityIdentifier(Security.Principal.WellKnownSidType.BuiltinUsersSid, Nothing)
        'End If


        Dim oUserSid As Security.Principal.SecurityIdentifier
        Try
            oUserSid = New Security.Principal.NTAccount(Domain, User).Translate(GetType(Security.Principal.SecurityIdentifier))
        Catch
            frmDebug.Message(vbCrLf & "**** Unable to find user! ****" & vbCrLf)
            Exit Sub
        End Try



        Select Case Permissions
            Case DirectoryPermission.Full
                lRights = Security.AccessControl.FileSystemRights.FullControl
                lInheritance = Security.AccessControl.InheritanceFlags.ContainerInherit Or Security.AccessControl.InheritanceFlags.ObjectInherit
            Case DirectoryPermission.Modify
                lRights = Security.AccessControl.FileSystemRights.Modify Or Security.AccessControl.FileSystemRights.Synchronize
                lInheritance = Security.AccessControl.InheritanceFlags.ContainerInherit Or Security.AccessControl.InheritanceFlags.ObjectInherit
            Case DirectoryPermission.ReadAndExecute
                lRights = Security.AccessControl.FileSystemRights.ReadAndExecute Or Security.AccessControl.FileSystemRights.Synchronize
                lInheritance = Security.AccessControl.InheritanceFlags.ContainerInherit Or Security.AccessControl.InheritanceFlags.ObjectInherit
            Case DirectoryPermission.AllExceptModifyAndFull
                lRights = Security.AccessControl.FileSystemRights.Write Or Security.AccessControl.FileSystemRights.ReadAndExecute Or Security.AccessControl.FileSystemRights.Synchronize
                lInheritance = Security.AccessControl.InheritanceFlags.ContainerInherit Or Security.AccessControl.InheritanceFlags.ObjectInherit
            Case DirectoryPermission.AllExceptFull
                lRights = Security.AccessControl.FileSystemRights.Write Or Security.AccessControl.FileSystemRights.ReadAndExecute Or Security.AccessControl.FileSystemRights.Modify Or Security.AccessControl.FileSystemRights.Synchronize
                lInheritance = Security.AccessControl.InheritanceFlags.ContainerInherit Or Security.AccessControl.InheritanceFlags.ObjectInherit
            Case DirectoryPermission.ListContents
                lRights = Security.AccessControl.FileSystemRights.ReadAndExecute Or Security.AccessControl.FileSystemRights.Synchronize
                lInheritance = Security.AccessControl.InheritanceFlags.ContainerInherit
            Case DirectoryPermission.Read
                lRights = Security.AccessControl.FileSystemRights.Read Or Security.AccessControl.FileSystemRights.Synchronize
                lInheritance = Security.AccessControl.InheritanceFlags.ContainerInherit Or Security.AccessControl.InheritanceFlags.ObjectInherit
            Case DirectoryPermission.Write
                lRights = Security.AccessControl.FileSystemRights.Write Or Security.AccessControl.FileSystemRights.Synchronize
                lInheritance = Security.AccessControl.InheritanceFlags.ContainerInherit Or Security.AccessControl.InheritanceFlags.ObjectInherit
            Case DirectoryPermission.Custom
                lRights = Custom
                lInheritance = Security.AccessControl.InheritanceFlags.ContainerInherit Or Security.AccessControl.InheritanceFlags.ObjectInherit
            Case DirectoryPermission.None
                lRights = 0
                lInheritance = 0
        End Select

        ' Create the rule that needs to be added to the ACL
        Dim oRule As New Security.AccessControl.FileSystemAccessRule(oUserSid,
                                                                     lRights,
                                                                     lInheritance,
                                                                     Security.AccessControl.PropagationFlags.None,
                                                                     Security.AccessControl.AccessControlType.Allow)

        ' Add the new rule to our ACL
        oACL.AddAccessRule(oRule)
       



        ' Update the directory to include the new rules created
        System.IO.Directory.SetAccessControl(Directory, oACL)





    End Sub
0
Comment
Question by:WTarlton
  • 3
  • 2
6 Comments
 
LVL 83

Expert Comment

by:CodeCruiser
ID: 38763463
What happens if you change this

Dim oACL As Security.AccessControl.DirectorySecurity = IO.Directory.GetAccessControl(IO.Path.GetDirectoryName(Directory), Security.AccessControl.AccessControlSections.Access)

to

Dim oACL As Security.AccessControl.DirectorySecurity = IO.Directory.GetAccessControl(IO.Path.GetDirectoryName(Directory))

?
0
 
LVL 42

Accepted Solution

by:
sedgwick earned 500 total points
ID: 38763489
try the following function:
    Private Sub SetPermission(username As String, folder As String, fsRights As FileSystemRights)
        Dim di As DirectoryInfo = New DirectoryInfo(folder)
        Dim ds As DirectorySecurity = di.GetAccessControl()
        ds.AddAccessRule(New FileSystemAccessRule(username, fsRights, InheritanceFlags.ContainerInherit & InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow))
        di.SetAccessControl(ds)
    End Sub

Open in new window

0
 

Author Comment

by:WTarlton
ID: 38763494
Thanks for trying to help. Same behavior made no difference.
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 42

Expert Comment

by:sedgwick
ID: 38763500
example usage:

  SetPermission(Environment.MachineName & "\ASPNET", "c:\shared", FileSystemRights.Read & FileSystemRights.Write)

Open in new window

0
 

Author Comment

by:WTarlton
ID: 38763541
sedgwick,

That worked and was able to add multiple users. I had to change the InheritanceFlags.ContainerInherit & InheritanceFlags.ObjectInherit to InheritanceFlags.None because it threw an error.

One problem with this method however is that it is adding the rights as "Special Permissions" which I don't want.
0
 

Author Comment

by:WTarlton
ID: 38763558
Got it fixed! This is your code with the changes

 Private Sub SetPermission(username As String, folder As String, fsRights As FileSystemRights)
        Dim di As DirectoryInfo = New DirectoryInfo(folder)
        Dim ds As DirectorySecurity = di.GetAccessControl()
        ds.AddAccessRule(New FileSystemAccessRule(username, fsRights, Security.AccessControl.InheritanceFlags.ContainerInherit Or Security.AccessControl.InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow))
        di.SetAccessControl(ds)
    End Sub
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

A theme is a collection of property settings that allow you to define the look of pages and controls, and then apply the look consistently across pages in an application. Themes can be made up of a set of elements: skins, style sheets, images, and o…
Entering time in Microsoft Access can be difficult. An input mask often bothers users more than helping them and won't catch all typing errors. This article shows how to create a textbox for 24-hour time input with full validation politely catching …
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
This video discusses moving either the default database or any database to a new volume.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now