Re: Set permissions...
Posted: Tue May 17, 2016 9:57 pm
OK just to close it off and for others that might search for a solution.
I had to create a "Deny" ACE and also set the same permissions for the directory containing the file I do not want the user to delete. Also the permissions I selected prevent the user from modifying the directory contents (add or delete files). Added bonus, for me. Of course if the user has rights, the permission can be changed.
Thanks for your help Mathias.
I had to create a "Deny" ACE and also set the same permissions for the directory containing the file I do not want the user to delete. Also the permissions I selected prevent the user from modifying the directory contents (add or delete files). Added bonus, for me. Of course if the user has rights, the permission can be changed.
Code: Select all
procedure SetPermissions; //set so user cannot delete files.
var
s1:string;
iACLObj:Iacl;
iso:ISecurityObject;
begin
s1:=<the complete file name and path>;
iso:=FileSecurity(s1);
iso.ProtectedDAcl:=false;
iACLObj:=iso.DAcl;
iACLObj.Deallocate;
iACLObj.SetFileAccess(Everyone,false);
iACLObj.InsertItem(NewAce(Everyone, _DELETE, atDenied));
iACLObj.Flush;
s1:=ExtractFileDir(s1);
iso:=FileSecurity(s1);
iso.ProtectedDAcl:=false;
iACLObj:=iso.DAcl;
iACLObj.Deallocate;
iACLObj.SetFileAccess(Everyone,false);
iACLObj.InsertItem(NewAce(Everyone, _DELETE, atDenied));
iACLObj.Flush;
end;