Set permissions...

delphi package - easy access to security apis

Re: Set permissions...

Postby Mark- » Tue May 17, 2016 9:57 pm

OK just to close it off and for others that might search for a solution.

I had to create a "Deny" ACE and also set the same permissions for the directory containing the file I do not want the user to delete. Also the permissions I selected prevent the user from modifying the directory contents (add or delete files). Added bonus, for me. :) Of course if the user has rights, the permission can be changed.

Code: Select all
procedure SetPermissions;     //set so user cannot delete files.
var
 s1:string;
 iACLObj:Iacl;
 iso:ISecurityObject;
begin
 s1:=<the complete file name and path>;

 iso:=FileSecurity(s1);
 iso.ProtectedDAcl:=false;
 iACLObj:=iso.DAcl;
 iACLObj.Deallocate;
 iACLObj.SetFileAccess(Everyone,false);
 iACLObj.InsertItem(NewAce(Everyone, _DELETE, atDenied));
 iACLObj.Flush;

 s1:=ExtractFileDir(s1);
 iso:=FileSecurity(s1);
 iso.ProtectedDAcl:=false;
 iACLObj:=iso.DAcl;
 iACLObj.Deallocate;
 iACLObj.SetFileAccess(Everyone,false);
 iACLObj.InsertItem(NewAce(Everyone, _DELETE, atDenied));
 iACLObj.Flush;
end;


Thanks for your help Mathias.
Mark-
 
Posts: 15
Joined: Sat May 24, 2014 4:51 pm

Re: Set permissions...

Postby madshi » Wed May 18, 2016 7:04 am

Good to hear you got it working!
madshi
Site Admin
 
Posts: 10098
Joined: Sun Mar 21, 2004 5:25 pm

Re: Set permissions...not working

Postby venkat_kgs » Tue Nov 05, 2019 12:05 pm

Hi madshi,

I tried your earlier suggestion in RIO version. And it is not creating "Everyone" group for a folder assigned by me. So the rights are not set
Folder exists

sFolder := 'C:\ProgramData\cc2' ;
FileSecurity(sFolder).DAcl.SetFileAccess(CurrentUser,true); //here write permission is also not set for the current user
FileSecurity(sFolder).DAcl.SetFileAccess(Everyone,True);

Can you help me with the solution?

Thanks in advance
Venkat
venkat_kgs
 
Posts: 3
Joined: Wed Nov 25, 2009 7:59 am
Location: India

Re: Set permissions...

Postby madshi » Tue Nov 12, 2019 3:52 pm

Maybe your user doesn't have the privileges to modify the folder? You could debug the madSecurity source code to try to figure out what's going on.
madshi
Site Admin
 
Posts: 10098
Joined: Sun Mar 21, 2004 5:25 pm

Previous

Return to madSecurity

Who is online

Users browsing this forum: No registered users and 2 guests

cron