var
ISecObj: ISecurityObject;
IACLObj: Iacl;
begin
ISecObj := FileSecurity( 'C:\Test\123' );
IACLObj := ISecObj.DAcl;
IACLObj.NewItem(Account('test'),0,atAllowed,[afSuccessfulAccess]);
if IACLObj.Flush then
ShowMessage('Fush OK!')
else
ShowMessage('Fush NOT OK!');
I get a Flush OK but the the user TEST is not added.
And what should I write to set Change permissions?
I'd suggest using IACL.SetFileAccess. This makes it a lot easier for you. The access masks are quite complicated. There are multiple flags which must be ORed together to get proper "read" and "write" access. The method "SetFileAccess" encapsulates this kind of stuff for you.
madshi wrote:I'd suggest using IACL.SetFileAccess. This makes it a lot easier for you. The access masks are quite complicated. There are multiple flags which must be ORed together to get proper "read" and "write" access. The method "SetFileAccess" encapsulates this kind of stuff for you.
I tried that one, but it set to Full access and our users
should only have change permissions in homedirectory.
Do you have a more detailed description for the access masks?
I'm used to commandlines with many flags.
Another possibility would be to manually setup the ACL the way you want it and then use madSecurity to read out which access masks are contained in the ACL. Then you know the exact flag combination for what you want to achieve.
Another possibility would be to manually setup the ACL the way you want it and then use madSecurity to read out which access masks are contained in the ACL. Then you know the exact flag combination for what you want to achieve.
Thanks!
I used FindItem to locate a user, and the result I got for Change permission is 1245631, but when I add a new user with this
access mask the Apply Onto is set to This folder.
Is there anymore settings to change Apply Onto to This folder, subfolders and files?
If I manually set to This folder I get the same value, 1245631.
madshi wrote:You can try using the "afObjectInherit, afContainerInherit" flags. If that doesn't work, you might have to manually loop through the child objects...
Btw, I'd suggest using hexadecimal for the flags. That makes it much easier to see which flags are contained. That would be $1301BF.