How change file rights
Hello,
Is there any example for changing NTFS rights for files, for example
user1: allow read and write and deny delete
user2: allow delete
Thanks
madSecurity allows you to manage several different security objects. NTFS rights is just one thing. What you want to do could look like this:
Code:
FileSecurity('c:\blabla').DAcl.SetFileAccess(Account('SomeUser'), true);
This would give write access to the user "SomeUser" to the file or directory "c:\blabla". What you're asking for is a bit more complicated. See here for detailed information from Microsoft:
http://windowssdk.msdn.microsoft.com/en ... 17875.aspx
http://windowssdk.msdn.microsoft.com/en ... 85569.aspx
E.g. to give a user the right for deletion, I think this should do the trick:
Code:
FileSecurity('c:\blabla').DAcl.NewItem(Account('SomeUser'), _DELETE);
In order to block deletion right, you'd probably have to do this:
Code:
FileSecurity('c:\blabla').DAcl.NewItem(Account('SomeUser'), _DELETE, atDenied);
I've not tested this, though, it's just written from the top of my head. Please let me know if you run into any trouble this way. Please also, when testing, try these things first on a not-so-important test folder/file, so that you don't accidentally remove your own access rights, so that Windows doesn't boot correctly anymore!
Generally, there's an access control list. And you must be careful to not flood this list with too many contradicting items about the same user. So if you want to define access for a specific user, you might want to first delete any items in the ACL for this user by doing this:
Code:
DAcl.DeleteItems(Account('SomeUser'));
Code:
procedure TForm1.Button1Click(Sender: TObject);
var ISecObj: ISecurityObject;
    IACLObj: Iacl;
begin
  ISecObj := FileSecurity('c:\xxx.pdf');
  IACLObj := ISecObj.DAcl;
  IACLObj.DeleteItems(Account('gerardo'));
  ISecObj.DAcl.NewItem(Account('gerardo'), _DELETE, atDenied);
  ISecObj.DAcl.NewItem(Account('gerardo'), GENERIC_READ);
  ISecObj.DAcl.NewItem(Account('gerardo'), GENERIC_WRITE);
end;

procedure TForm1.Button2Click(Sender: TObject);
var ISecObj: ISecurityObject;
    IACLObj: Iacl;
begin
  ISecObj := FileSecurity('c:\xxx.pdf');
  IACLObj := ISecObj.DAcl;
  IACLObj.DeleteItems(Account('gerardo'));
  ISecObj.DAcl.NewItem(Account('gerardo'), _DELETE);
  ISecObj.DAcl.NewItem(Account('gerardo'), GENERIC_READ, atDenied);
  ISecObj.DAcl.NewItem(Account('gerardo'), GENERIC_WRITE);
end;
I don't see this message never.
Thanks
Please don't use "ISecObj.DAcl" three times after each other. Every time ISecObj has to create a new IAcl instance. Instead please use IACLObj all the time. That saves performance. Anyway...
The ACEs (items in the ACLs) need to have a specific order. I think the "deny" items need to come first. So for the "deny" item try this:
Code:
IACLObj.InsertItem(NewAce(Account('gerardo'), GENERIC_READ, atDenied));
This adds the "deny" item at the beginning of the ACL, while IAcl.NewItem adds it on the end of the ACL.
The same message
procedure TForm1.Button1Click(Sender: TObject);
var ISecObj: ISecurityObject;
    IACLObj: Iacl;
begin
  ISecObj := FileSecurity('c:\xxx.pdf');
  IACLObj := ISecObj.DAcl;
  IACLObj.DeleteItems(Account('gerardo'));
  IACLObj.InsertItem(NewAce(Account('gerardo'), _DELETE, atDenied));
  IACLObj.InsertItem(NewAce(Account('gerardo'), GENERIC_READ));
  IACLObj.InsertItem(NewAce(Account('gerardo'), GENERIC_WRITE));
end;

procedure TForm1.Button2Click(Sender: TObject);
var ISecObj: ISecurityObject;
    IACLObj: Iacl;
begin
  ISecObj := FileSecurity('c:\xxx.pdf');
  IACLObj := ISecObj.DAcl;
  IACLObj.DeleteItems(Account('gerardo'));
  IACLObj.InsertItem(NewAce(Account('gerardo'), GENERIC_READ, atDenied));
  IACLObj.InsertItem(NewAce(Account('gerardo'), _DELETE));
  IACLObj.InsertItem(NewAce(Account('gerardo'), GENERIC_WRITE));
end;
I see the same message, in the two buttons
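Added example, not part of the original thread and not madSecurity code: a small Python model of how Windows walks a DACL in order, showing why the reply's advice to put "deny" items first matters and what three consecutive InsertItem calls do to the order. It assumes InsertItem prepends and NewItem appends, as the reply states; the 'Staff' group and all helper names are hypothetical.

```python
# Added model of the Windows DACL walk; not madSecurity code.
from collections import namedtuple

DELETE = 0x00010000              # standard access right
FILE_GENERIC_READ = 0x00120089   # GENERIC_READ mapped for files
FILE_GENERIC_WRITE = 0x00120116  # GENERIC_WRITE mapped for files
Ace = namedtuple("Ace", "trustee mask allow")

def new_item(dacl, ace):     # append: how the reply describes IAcl.NewItem
    return dacl + [ace]

def insert_item(dacl, ace):  # prepend: how the reply describes IAcl.InsertItem
    return [ace] + dacl

def access_check(dacl, token, desired):
    """Walk ACEs in order; True only if every desired bit is granted."""
    remaining = desired
    for ace in dacl:
        if ace.trustee not in token:
            continue
        if ace.allow:
            remaining &= ~ace.mask
            if remaining == 0:
                return True
        elif ace.mask & remaining:
            return False         # deny hits a bit no earlier ACE granted
    return False                 # bits never granted are implicitly denied

def is_canonical(dacl):
    """Simplified (ignores inherited ACEs): no deny after an allow."""
    seen_allow = False
    for ace in dacl:
        if ace.allow:
            seen_allow = True
        elif seen_allow:
            return False
    return True

# Constructed scenario: gerardo also belongs to a hypothetical 'Staff'
# group whose ACE already allows DELETE on the file.
TOKEN = {"gerardo", "Staff"}
BASE = [Ace("Staff", DELETE | FILE_GENERIC_READ, True)]
DENY_DELETE = Ace("gerardo", DELETE, False)
appended = new_item(BASE, DENY_DELETE)      # deny after the group allow
prepended = insert_item(BASE, DENY_DELETE)  # deny first

def three_inserts():
    """Deny, then two allows, all via insert_item: the deny ends up last."""
    dacl = []
    for ace in (DENY_DELETE, Ace("gerardo", FILE_GENERIC_READ, True),
                Ace("gerardo", FILE_GENERIC_WRITE, True)):
        dacl = insert_item(dacl, ace)
    return dacl
```

In the constructed scenario the appended deny never takes effect because the group allow is reached first, while the prepended one blocks DELETE and leaves read access intact. The three prepends leave the deny last, which still blocks DELETE here only because no earlier ACE grants it.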