
Setting access to a folder to only one user


I want to assign permissions to only a single user to a folder in Windows using C#. Other users should not be able to open or change the access rights of that folder.

For example, if I have 3 users (UserA, UserB and UserC) in the Users group, I want to give permission to access a folder only to UserA. If I deny access to the Users group and allow UserA, then the deny permission will take precedence and access to UserA will also be denied.

One workaround to this problem is denying UserB and UserC and allowing UserA to access the folder. But this has a problem: if a new user account is created after the permissions are set, that new account will have permission to the folder. I don't want to have this scenario.

Thanks, Sujith


Solution

  • The default permission for anyone not mentioned in the ACL is "no access" (an empty DACL grants no access). So, prevent the folder inheriting security from its parent, and assign permissions to UserA only.

    (Of course, this doesn't prevent an administrator from taking ownership and thereafter granting permissions for themselves. Nothing can prevent that.)


    E.g. to create a directory, called C:\FruitBat, that's only accessible to user DOMAIN\User1:

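    // Start from an empty security descriptor: no ACEs means no access for anyone.
    System.Security.AccessControl.DirectorySecurity dacl = new System.Security.AccessControl.DirectorySecurity();
    // Protect the DACL so that no ACEs are inherited from the parent folder.
    dacl.SetAccessRuleProtection(true, false);
    // Grant DOMAIN\User1 full control of the folder and of everything created inside it.
    dacl.AddAccessRule(new System.Security.AccessControl.FileSystemAccessRule(@"DOMAIN\User1",
        System.Security.AccessControl.FileSystemRights.FullControl,
        System.Security.AccessControl.InheritanceFlags.ContainerInherit |
        System.Security.AccessControl.InheritanceFlags.ObjectInherit,
        System.Security.AccessControl.PropagationFlags.None,
        System.Security.AccessControl.AccessControlType.Allow));
    // Create the directory with this DACL applied from the start.
    System.IO.Directory.CreateDirectory(@"C:\FruitBat", dacl);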
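
The same approach applied to a folder that already exists, followed by a read-back check that nobody else is granted access. This is an added example, not code from the original answer; the `FolderLockdown` class and its method names are hypothetical, and it assumes Windows with the `System.Security.AccessControl` types used above.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class FolderLockdown   // hypothetical helper, not from the original answer
{
    static SecurityIdentifier Sid(string account) =>
        (SecurityIdentifier)new NTAccount(account).Translate(typeof(SecurityIdentifier));

    // Replace the folder's DACL with a protected one that grants only `account`.
    public static void RestrictTo(string path, string account)
    {
        var sec = new DirectorySecurity();
        // Protected DACL: ACEs inherited from the parent are discarded, not copied.
        sec.SetAccessRuleProtection(isProtected: true, preserveInheritance: false);
        sec.AddAccessRule(new FileSystemAccessRule(Sid(account),
            FileSystemRights.FullControl,
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            PropagationFlags.None, AccessControlType.Allow));
        new DirectoryInfo(path).SetAccessControl(sec);
    }

    // Read the DACL back and list every finding that contradicts "only `account`".
    public static List<string> Audit(string path, string account)
    {
        var findings = new List<string>();
        SecurityIdentifier expected = Sid(account);
        DirectorySecurity sec = new DirectoryInfo(path).GetAccessControl(AccessControlSections.Access);
        if (!sec.AreAccessRulesProtected)
            findings.Add("DACL is not protected: parent ACEs can still flow in");
        foreach (FileSystemAccessRule rule in sec.GetAccessRules(true, true, typeof(SecurityIdentifier)))
            if (rule.AccessControlType == AccessControlType.Allow && !rule.IdentityReference.Equals(expected))
                findings.Add($"{rule.IdentityReference} is allowed {rule.FileSystemRights}" +
                             (rule.IsInherited ? " (inherited)" : ""));
        return findings;
    }

    static void Main(string[] args)
    {
        // Sample values taken from the answer above; pass a real folder and account as arguments.
        string path = args.Length > 0 ? args[0] : @"C:\FruitBat";
        string account = args.Length > 1 ? args[1] : @"DOMAIN\User1";
        RestrictTo(path, account);
        foreach (string f in Audit(path, account)) Console.WriteLine("FINDING: " + f);
    }
}
```

An empty findings list means the DACL is protected and the named account is the only trustee with an Allow entry; as the answer notes, an administrator can still take ownership and change this later.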