Page 2 of 2

Re: Set permissions...

Posted: Tue May 17, 2016 9:57 pm
by Mark-
OK just to close it off and for others that might search for a solution.

I had to create a "Deny" ACE and also set the same permissions for the directory containing the file I do not want the user to delete. Also the permissions I selected prevent the user from modifying the directory contents (add or delete files). Added bonus, for me. :) Of course if the user has rights, the permission can be changed.

Code: Select all

procedure SetPermissions;     //set so user cannot delete files.
var
 s1:string;
 iACLObj:Iacl;
 iso:ISecurityObject;
begin
 s1:=<the complete file name and path>;

 iso:=FileSecurity(s1);
 iso.ProtectedDAcl:=false;
 iACLObj:=iso.DAcl;
 iACLObj.Deallocate;
 iACLObj.SetFileAccess(Everyone,false);
 iACLObj.InsertItem(NewAce(Everyone, _DELETE, atDenied));
 iACLObj.Flush;

 s1:=ExtractFileDir(s1);
 iso:=FileSecurity(s1);
 iso.ProtectedDAcl:=false;
 iACLObj:=iso.DAcl;
 iACLObj.Deallocate;
 iACLObj.SetFileAccess(Everyone,false);
 iACLObj.InsertItem(NewAce(Everyone, _DELETE, atDenied));
 iACLObj.Flush;
end;
Thanks for your help Mathias.

Re: Set permissions...

Posted: Wed May 18, 2016 7:04 am
by madshi
Good to hear you got it working!

Re: Set permissions...not working

Posted: Tue Nov 05, 2019 12:05 pm
by venkat_kgs
Hi madshi,

I tried your earlier suggestion in RIO version. And it is not creating "Everyone" group for a folder assigned by me. So the rights are not set
Folder exists

sFolder := 'C:\ProgramData\cc2' ;
FileSecurity(sFolder).DAcl.SetFileAccess(CurrentUser,true); //here write permission is also not set for the current user
FileSecurity(sFolder).DAcl.SetFileAccess(Everyone,True);

Can you help me with the solution?

Thanks in advance
Venkat

Re: Set permissions...

Posted: Tue Nov 12, 2019 3:52 pm
by madshi
Maybe your user doesn't have the privileges to modify the folder? You could debug the madSecurity source code to try to figure out what's going on.