# VBForums CodeBank > CodeBank - Visual Basic .NET >  Setting file and folder permissions

## chris128

There are a few examples of this already on the web but most of them are over complicated and dont just give you a simple example so I thought it might be worth writing one here.

Basically this code can be used to grant or restrict access for a specific user to a folder (*see post #6 in this thread for example of setting permissions on a file instead of a folder)*. There are several things that you can play around with in this example to modify the effects (e.g deny permission instead of granting permission, modify the inheritance of the new permission, change the specific permissions issued etc etc) but if you run it as it is then it will grant the user Modify access to the folder and this permission will be inherited by any child objects within the folder. The new permission will also just be added to the folder's permission list, it will not replace the permissions already on the folder - If you want to completely remove all of the existing permissions on the folder when you add this new permission then you uncomment the line that is commented out near the end of the code.


vb Code:
'At the top of your code 
Imports System.Security.AccessControl
  Dim FolderPath As String = "C:\TestingFolder" 'Specify the folder here
Dim UserAccount As String = "MYDOMAIN\someuser" 'Specify the user here
 Dim FolderInfo As IO.DirectoryInfo = New IO.DirectoryInfo(FolderPath)
Dim FolderAcl As New DirectorySecurity
FolderAcl.AddAccessRule(New FileSystemAccessRule(UserAccount, FileSystemRights.Modify, InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow))
'FolderAcl.SetAccessRuleProtection(True, False) 'uncomment to remove existing permissions
FolderInfo.SetAccessControl(FolderAcl)

This line is the main place where you might want to modify things to change the behavior of the permissions:

vb Code:
FolderAcl.AddAccessRule(New FileSystemAccessRule(UserAccount, FileSystemRights.Modify, InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow)
Hopefully it is fairly obvious which parts of that line you need to change to get the desired effect that you want. For example if you want to just grant the user Read access instead of Modify then the line might look like this:

vb Code:
FolderAcl.AddAccessRule(New FileSystemAccessRule(UserAccount, FileSystemRights.ReadAndExecute, InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow))
 

If you want to set permissions for files instead of folders, just use the same technique but use the FileSecurity class instead of DirectorySecurity.



Hope that helps someone and let me know if you have any questions.

----------


## stickler

hello!
I'm new here.
I tried your code, and works well, but when I tried to adapt to a file, gave me error: 
_Error	1: Value of type 'System.Security.AccessControl.DirectorySecurity' cannot be converted to 'System.Security.AccessControl.FileSecurity'.	_

The code I use is:
----------------------------------------------------------
Imports System.Security.AccessControl

Public Class Form1
    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        Dim FilePath As String = "C:\test,txt" 
        Dim UserAccount As String = "Everyone" 
        Dim FileInfo As IO.FileInfo = New IO.FileInfo(FilePath)
        Dim FileAcl As New DirectorySecurity
        FileAcl.AddAccessRule(New FileSystemAccessRule(UserAccount, FileSystemRights.Modify, InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Deny))
        'FolderAcl.SetAccessRuleProtection(True, False) 'uncomment to remove existing permissions
        FileInfo.SetAccessControl(FileAcl)

    End Sub
End Class
-----------------------------------------------------------

The "FileAcl" from the last line seems to be  the problem " FileInfo.SetAccessControl(FileAcl)"

Can you help me with that?
10x

----------


## chris128

Well from the error message you are getting I would say its pretty obvious that you need to declare FileACL as FileSecurity not DirectorySecurity...
so:


```
Dim FilePath As String = "C:\test,txt" 
Dim UserAccount As String = "Everyone" 
Dim FileInfo As IO.FileInfo = New IO.FileInfo(FilePath)
Dim FileAcl As New FileSecurity
FileAcl.AddAccessRule(New FileSystemAccessRule(UserAccount, FileSystemRights.Modify, InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Deny))
'FolderAcl.SetAccessRuleProtection(True, False) 'uncomment to remove existing permissions
FileInfo.SetAccessControl(FileAcl)
```

----------


## stickler

now the error is :
No flags can be set. Parameter name: inheritanceFlags

sorry to bug you but i'm new at this
thanks again

----------


## stickler

I set the InheritanceFlags to none and it works.
But the file permission can't be inherite?

----------


## chris128

Ah yes I guess that will be because you are setting the permissions on a file and files cannot contain other files so there is no inheritance settings to configure. I've just had a quick look at the method and it has another signature that lets you miss out the inheritance argument so presumably that will work.

I also noticed that you have specified the file path as "C:\test,txt" but it needs to be "C:\test.txt" so change that as well.

So your code should be like this:



```
Dim FilePath As String = "C:\test.txt"
        Dim UserAccount As String = "Everyone"
        Dim FileInfo As IO.FileInfo = New IO.FileInfo(FilePath)
        Dim FileAcl As New FileSecurity
        FileAcl.AddAccessRule(New FileSystemAccessRule(UserAccount, FileSystemRights.Modify, AccessControlType.Deny))
        'FolderAcl.SetAccessRuleProtection(True, False) 'uncomment to remove existing permissions
        FileInfo.SetAccessControl(FileAcl)
```

----------


## stickler

Thanks awfully much !!  :wave: 
I burdened with it for a week. no knowledge, no teacher, only tutorials and books.

 :Thumb:

----------


## Dawg

Okay, yes, this is great. Two questions though.

First, it appears when you Add a "Rule", several of the settings specified apply to the folder and not the UserAccount. 

For example, I manually created a TestFolder on our network. By default it contained "Everyone" with Full Control, Inherited Permissions, and did not contain my personal UserAccount. I manually edited the Permissions to remove Everyone, not Inherit Permissions and then added my personal UserAccount.

I then programmatically added a new UserAccount with the Full Control, Inherit, None for Propogation flag and Allow for AccessControlType settings (as shown in your example). It successfully added the UserAccount to the folder, however it reset all the other settings to their default values - (Everyone with Full Control, Inherited Permissions and removed my personal UserAccount).

Similarly - when I run the code again to add another user, it removes the first user as it resets the folder to it's default settings.

Second... When I look at the Security tab and select the UserAccount I added programmatically, they have no permissions (nothing in Allow or Deny). However if I go to Advanced, it says they have Full Control and it applies to "This folder and files" (but not subfolders). The test user could access the folder, however I need the settings to apply to subfolders as well.

----------


## Dawg

I got the following to work (in that it didn't reset existing modified permissions).

I'm not an expert, but it appears the distinction might be in creating the DirectorySecurity object. If done without modifiers, it's a new object (thus doesn't have the existing folder rules). Alternatively creating it based on the existing folder creates it with the existing rules, which you add to.



```
        Dim sFolderPath As String = txtFolderPath.Text
        Dim sUserAccount As String = "(Domain\UserName)"

        Dim oFolderInfo As IO.DirectoryInfo = New IO.DirectoryInfo(sFolderPath)
        Dim oFolderAcl As New DirectorySecurity(txtFolderPath.Text, System.Security.AccessControl.AccessControlSections.Access)

        oFolderAcl.AddAccessRule(New FileSystemAccessRule(sUserAccount, _
                                                          FileSystemRights.FullControl, _
                                                          AccessControlType.Allow))

        oFolderInfo.SetAccessControl(oFolderAcl)

        oFolderAcl = Nothing
        oFolderInfo = Nothing
```

----------


## aljeff

Hello, All.

I'm in mid of creating a program.
Can you give me some snippet of codes or sample on how can I query or program if the security permission of a certain folder is cascaded or inherited down to the last folder.

Thanks.

----------


## tyoussef

I tried th


```
Dim FilePath As String = "C:\test.txt"
        Dim UserAccount As String = "Everyone"
        Dim FileInfo As IO.FileInfo = New IO.FileInfo(FilePath)
        Dim FileAcl As New FileSecurity
        FileAcl.AddAccessRule(New FileSystemAccessRule(UserAccount, FileSystemRights.Modify, AccessControlType.Deny))
        'FolderAcl.SetAccessRuleProtection(True, False) 'uncomment to remove existing permissions
        FileInfo.SetAccessControl(FileAcl)
```

i tried all the staff above 
what can i do 
Please help

----------


## pedders

Is there a way of removing inheritance using VB.NET but converting the inherited permissions to Explicit?
Something like the icacls.exe /inheritance:d command
Thanks
Peter

----------

