Set permissions...

delphi package - easy access to security apis
Mark-
Posts: 20
Joined: Sat May 24, 2014 4:51 pm

Re: Set permissions...

Post by Mark- »

OK just to close it off and for others that might search for a solution.

I had to create a "Deny" ACE and also set the same permissions for the directory containing the file I do not want the user to delete. Also the permissions I selected prevent the user from modifying the directory contents (add or delete files). Added bonus, for me. :) Of course if the user has rights, the permission can be changed.

Code: Select all

procedure SetPermissions;     //set so user cannot delete files.
var
 s1:string;
 iACLObj:Iacl;
 iso:ISecurityObject;
begin
 s1:=<the complete file name and path>;

 iso:=FileSecurity(s1);
 iso.ProtectedDAcl:=false;
 iACLObj:=iso.DAcl;
 iACLObj.Deallocate;
 iACLObj.SetFileAccess(Everyone,false);
 iACLObj.InsertItem(NewAce(Everyone, _DELETE, atDenied));
 iACLObj.Flush;

 s1:=ExtractFileDir(s1);
 iso:=FileSecurity(s1);
 iso.ProtectedDAcl:=false;
 iACLObj:=iso.DAcl;
 iACLObj.Deallocate;
 iACLObj.SetFileAccess(Everyone,false);
 iACLObj.InsertItem(NewAce(Everyone, _DELETE, atDenied));
 iACLObj.Flush;
end;
Thanks for your help Mathias.
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: Set permissions...

Post by madshi »

Good to hear you got it working!
venkat_kgs
Posts: 3
Joined: Wed Nov 25, 2009 7:59 am
Location: India

Re: Set permissions...not working

Post by venkat_kgs »

Hi madshi,

I tried your earlier suggestion in RIO version. And it is not creating "Everyone" group for a folder assigned by me. So the rights are not set
Folder exists

sFolder := 'C:\ProgramData\cc2' ;
FileSecurity(sFolder).DAcl.SetFileAccess(CurrentUser,true); //here write permission is also not set for the current user
FileSecurity(sFolder).DAcl.SetFileAccess(Everyone,True);

Can you help me with the solution?

Thanks in advance
Venkat
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Re: Set permissions...

Post by madshi »

Maybe your user doesn't have the privileges to modify the folder? You could debug the madSecurity source code to try to figure out what's going on.
Post Reply