DirectoryInfo.SetAccessControl(DirectorySecurity) 方法


DirectorySecurity 物件描述的訪問控制清單 (ACL) 專案套用至目前 DirectoryInfo 物件所描述的目錄。

 void SetAccessControl(System::Security::AccessControl::DirectorySecurity ^ directorySecurity);
public void SetAccessControl (System.Security.AccessControl.DirectorySecurity directorySecurity);
member this.SetAccessControl : System.Security.AccessControl.DirectorySecurity -> unit
Public Sub SetAccessControl (directorySecurity As DirectorySecurity)



物件,描述要套用至 path 參數所描述目錄的 ACL 專案。


directorySecurity 參數是 null




下列範例會使用 GetAccessControlSetAccessControl 方法來新增和移除目錄中的訪問控制清單 (ACL) 專案。

using namespace System;
using namespace System::IO;
using namespace System::Security::AccessControl;

// Adds an ACL entry on the specified directory for the
// specified account.
void AddDirectorySecurity(String^ directoryName, String^ account, 
     FileSystemRights rights, AccessControlType controlType)
    // Create a new DirectoryInfo object.
    DirectoryInfo^ dInfo = gcnew DirectoryInfo(directoryName);

    // Get a DirectorySecurity object that represents the
    // current security settings.
    DirectorySecurity^ dSecurity = dInfo->GetAccessControl();

    // Add the FileSystemAccessRule to the security settings.
    dSecurity->AddAccessRule( gcnew FileSystemAccessRule(account,
        rights, controlType));

    // Set the new access settings.

// Removes an ACL entry on the specified directory for the
// specified account.
void RemoveDirectorySecurity(String^ directoryName, String^ account,
     FileSystemRights rights, AccessControlType controlType)
    // Create a new DirectoryInfo object.
    DirectoryInfo^ dInfo = gcnew DirectoryInfo(directoryName);

    // Get a DirectorySecurity object that represents the
    // current security settings.
    DirectorySecurity^ dSecurity = dInfo->GetAccessControl();

    // Add the FileSystemAccessRule to the security settings.
    dSecurity->RemoveAccessRule(gcnew FileSystemAccessRule(account,
        rights, controlType));

    // Set the new access settings.

int main()
    String^ directoryName = "TestDirectory";
    String^ accountName = "MYDOMAIN\\MyAccount";
    if (!Directory::Exists(directoryName))
        Console::WriteLine("The directory {0} could not be found.", 
        return 0;
        Console::WriteLine("Adding access control entry for {0}",

        // Add the access control entry to the directory.
        AddDirectorySecurity(directoryName, accountName,
            FileSystemRights::ReadData, AccessControlType::Allow);

        Console::WriteLine("Removing access control entry from {0}",

        // Remove the access control entry from the directory.
        RemoveDirectorySecurity(directoryName, accountName, 
            FileSystemRights::ReadData, AccessControlType::Allow);

    catch (UnauthorizedAccessException^)
        Console::WriteLine("You are not authorised to carry" +
            " out this procedure.");
    catch (System::Security::Principal::
        Console::WriteLine("The account {0} could not be found.", accountName);
using System;
using System.IO;
using System.Security.AccessControl;

namespace FileSystemExample
    class DirectoryExample
        public static void Main()
                string DirectoryName = "TestDirectory";

                Console.WriteLine("Adding access control entry for " + DirectoryName);

                // Add the access control entry to the directory.
                AddDirectorySecurity(DirectoryName, @"MYDOMAIN\MyAccount", FileSystemRights.ReadData, AccessControlType.Allow);

                Console.WriteLine("Removing access control entry from " + DirectoryName);

                // Remove the access control entry from the directory.
                RemoveDirectorySecurity(DirectoryName, @"MYDOMAIN\MyAccount", FileSystemRights.ReadData, AccessControlType.Allow);

            catch (Exception e)


        // Adds an ACL entry on the specified directory for the specified account.
        public static void AddDirectorySecurity(
            string DirectoryName,
            string Account,
            FileSystemRights Rights,
            AccessControlType ControlType
            // Create a new DirectoryInfo object.
            DirectoryInfo dInfo = new(DirectoryName);

            // Get a DirectorySecurity object that represents the
            // current security settings.
            DirectorySecurity dSecurity = dInfo.GetAccessControl();

            // Add the FileSystemAccessRule to the security settings.
            dSecurity.AddAccessRule(new FileSystemAccessRule(Account,

            // Set the new access settings.

        // Removes an ACL entry on the specified directory for the specified account.
        public static void RemoveDirectorySecurity(
            string DirectoryName,
            string Account,
            FileSystemRights Rights,
            AccessControlType ControlType
            // Create a new DirectoryInfo object.
            DirectoryInfo dInfo = new(DirectoryName);

            // Get a DirectorySecurity object that represents the
            // current security settings.
            DirectorySecurity dSecurity = dInfo.GetAccessControl();

            // Add the FileSystemAccessRule to the security settings.
            dSecurity.RemoveAccessRule(new FileSystemAccessRule(Account,

            // Set the new access settings.
open System
open System.IO
open System.Security.AccessControl

// Adds an ACL entry on the specified directory for the specified account.
let addDirectorySecurity fileName (account: string) rights controlType =
    // Create a new DirectoryInfo object.
    let dInfo = DirectoryInfo fileName

    // Get a DirectorySecurity object that represents the
    // current security settings.
    let dSecurity = dInfo.GetAccessControl()

    // Add the FileSystemAccessRule to the security settings.
    dSecurity.AddAccessRule(FileSystemAccessRule(account, rights, controlType))

    // Set the new access settings.
    dInfo.SetAccessControl dSecurity

// Removes an ACL entry on the specified directory for the specified account.
let removeDirectorySecurity fileName (account: string) rights controlType =
    // Create a new DirectoryInfo object.
    let dInfo = DirectoryInfo fileName

    // Get a DirectorySecurity object that represents the
    // current security settings.
    let dSecurity = dInfo.GetAccessControl()

    // Add the FileSystemAccessRule to the security settings.
    dSecurity.RemoveAccessRule(FileSystemAccessRule(account, rights, controlType)) |> ignore

    // Set the new access settings.
    dInfo.SetAccessControl dSecurity

    let DirectoryName = "TestDirectory"

    printfn $"Adding access control entry for {DirectoryName}"

    // Add the access control entry to the directory.
    addDirectorySecurity DirectoryName @"MYDOMAIN\MyAccount" FileSystemRights.ReadData AccessControlType.Allow

    printfn $"Removing access control entry from {DirectoryName}"

    // Remove the access control entry from the directory.
    removeDirectorySecurity DirectoryName @"MYDOMAIN\MyAccount" FileSystemRights.ReadData AccessControlType.Allow

    printfn "Done."
with e ->
    printfn $"{e}"
Imports System.IO
Imports System.Security.AccessControl

Module DirectoryExample

    Sub Main()
            Dim DirectoryName As String = "TestDirectory"

            Console.WriteLine("Adding access control entry for " + DirectoryName)

            ' Add the access control entry to the directory.
            AddDirectorySecurity(DirectoryName, "MYDOMAIN\MyAccount", FileSystemRights.ReadData, AccessControlType.Allow)

            Console.WriteLine("Removing access control entry from " + DirectoryName)

            ' Remove the access control entry from the directory.
            RemoveDirectorySecurity(DirectoryName, "MYDOMAIN\MyAccount", FileSystemRights.ReadData, AccessControlType.Allow)

        Catch e As Exception
        End Try


    End Sub

    ' Adds an ACL entry on the specified directory for the specified account.
    Sub AddDirectorySecurity(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal ControlType As AccessControlType)
        ' Create a new DirectoryInfoobject.
        Dim dInfo As New DirectoryInfo(FileName)

        ' Get a DirectorySecurity object that represents the 
        ' current security settings.
        Dim dSecurity As DirectorySecurity = dInfo.GetAccessControl()

        ' Add the FileSystemAccessRule to the security settings. 
        dSecurity.AddAccessRule(New FileSystemAccessRule(Account, Rights, ControlType))

        ' Set the new access settings.

    End Sub

    ' Removes an ACL entry on the specified directory for the specified account.
    Sub RemoveDirectorySecurity(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal ControlType As AccessControlType)
        ' Create a new DirectoryInfo object.
        Dim dInfo As New DirectoryInfo(FileName)

        ' Get a DirectorySecurity object that represents the 
        ' current security settings.
        Dim dSecurity As DirectorySecurity = dInfo.GetAccessControl()

        ' Add the FileSystemAccessRule to the security settings. 
        dSecurity.RemoveAccessRule(New FileSystemAccessRule(Account, Rights, ControlType))

        ' Set the new access settings.

    End Sub
End Module


存取控制清單 (ACL) 描述具有指定檔案或目錄上特定動作權限或沒有權限的個人和群組。 如需詳細資訊,請參閱 如何:新增或移除存取控制清單項目

SetAccessControl 方法會將 ACL 專案套用至代表非繼承 ACL 清單的檔案。


directorySecurity 指定的 ACL 會取代目錄的現有 ACL。 若要新增新用戶的許可權,請使用 GetAccessControl 方法來取得現有的 ACL,並加以修改。

SetAccessControl 方法只會保存 DirectorySecurity 物件建立之後已修改的物件。 如果 DirectorySecurity 物件尚未修改,則不會保存至檔案。 因此,無法從某個檔案擷取 DirectorySecurity 物件,並將相同的物件重新套用至另一個檔案。

若要將 ACL 資訊從一個檔案複製到另一個檔案:

  1. 使用 GetAccessControl 方法,從來源檔案擷取 DirectorySecurity 物件。

  2. 為目的地檔案建立新的 DirectorySecurity 物件。

  3. 使用來源 DirectorySecurity 物件的 GetSecurityDescriptorBinaryFormGetSecurityDescriptorSddlForm 方法來擷取 ACL 資訊。

  4. 使用 SetSecurityDescriptorBinaryFormSetSecurityDescriptorSddlForm 方法,將步驟 3 中擷取的資訊複製到目的地 DirectorySecurity 物件。

  5. 使用 SetAccessControl 方法,將目的地 DirectorySecurity 物件設定為目的地檔案。
