Page 1 of 1

Setting Read/Write access

PostPosted: Sat Jul 11, 2009 4:42 pm
by ScottC
How do I set rights on a folder to allow "Read" and "Write" access but not "List folder contents" or "Execute"?

Code: Select all
  With FileSecurity(Path).DACL do
    begin
      Clear;
      NewItem(Account('S-1-5-11'), GENERIC_All, atAllowed, [afObjectInherit, afContainerInherit]);
    end;


I am able to set full rights with this code but I need to limit the users to have only read/write access.

I need the security to be like this.

Image

PostPosted: Mon Jul 13, 2009 6:23 pm
by madshi
Hello,

the problem with this is that the exact flag combination sometimes even differs between different OSs. Your best bet would be to configure a dummy folder the way you want it to be and then use madSecurity to list the contents of the ACL. That way you will know which flags the OS wants to have for the given configuration. You need to replace GENERIC_ALL with something else.

PostPosted: Mon Jul 13, 2009 6:27 pm
by ScottC
Is there an example of how to list the contents of the ACL?

PostPosted: Fri Jul 17, 2009 6:36 am
by madshi
It's rather simple:

Code: Select all
with FileSecurity(Path).DACL do
  for i1 := 0 to ItemCount - 1 do
    ShowMessage(Items[i1].Account.Name + ' / ' + IntToHex(Items[i1].Access, 1));