我正在尝试以编程方式设置文件夹审核选项下的“适用于”字段。在 MSDN 中,the code example there uses the FileSystemAuditRule class将新审核规则添加到文件夹。此类中没有明显的内容来设置需要应用特定审核规则的对象。
这是我用来设置一些权限的代码:
const string myFolder = @"S:\Temp\SomeFolderToAudit";
var account = new SecurityIdentifier(WellKnownSidType.WorldSid, null).Translate(typeof(NTAccount));
FileSecurity fSecurity = File.GetAccessControl(myFolder, AccessControlSections.Audit);
fSecurity.AddAuditRule(new FileSystemAuditRule(account, FileSystemRights.WriteData | FileSystemRights.Delete | FileSystemRights.ChangePermissions, AuditFlags.Success));
File.SetAccessControl(myFolder, fSecurity);
这很好地创建了审计规则,除了下面突出显示的选项:
我需要它是“This folder, subfolders and files”,或者除“This folder only”之外的任何东西。我不想遍历所有目录和文件并对它们设置相同的审核规则。我也不想尝试管理继承,规则将受到保护。我只需要一种方法来设置此选项,最好使用托管代码(如果这是唯一的方法,欢迎 P/Invokes)。
在此先感谢您的帮助。
最佳答案
经过一番摸索之后,我设法找出了如何设置“适用于”字段。创建审核规则对象时,您需要结合使用 InheritanceFlags 和 PropagationFlags。
下面是示例代码(基于问题示例),它向您展示了标志的组合以及它们对“适用于”字段的结果:
// This folder only (default)
fSecurity.AddAuditRule(new FileSystemAuditRule(account, FileSystemRights.WriteData | FileSystemRights.Delete | FileSystemRights.ChangePermissions, InheritanceFlags.None, PropagationFlags.None, AuditFlags.Success));
// This folder and subfolders
fSecurity.AddAuditRule(new FileSystemAuditRule(account, FileSystemRights.WriteData | FileSystemRights.Delete | FileSystemRights.ChangePermissions, InheritanceFlags.ContainerInherit, PropagationFlags.None, AuditFlags.Success));
// This folder and files
fSecurity.AddAuditRule(new FileSystemAuditRule(account, FileSystemRights.WriteData | FileSystemRights.Delete | FileSystemRights.ChangePermissions, InheritanceFlags.ObjectInherit, PropagationFlags.None, AuditFlags.Success));
// This folder, subfolders and files
fSecurity.AddAuditRule(new FileSystemAuditRule(account, FileSystemRights.WriteData | FileSystemRights.Delete | FileSystemRights.ChangePermissions, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AuditFlags.Success));
// Subfolders only
fSecurity.AddAuditRule(new FileSystemAuditRule(account, FileSystemRights.WriteData | FileSystemRights.Delete | FileSystemRights.ChangePermissions, InheritanceFlags.ContainerInherit, PropagationFlags.InheritOnly, AuditFlags.Success));
// Files only
fSecurity.AddAuditRule(new FileSystemAuditRule(account, FileSystemRights.WriteData | FileSystemRights.Delete | FileSystemRights.ChangePermissions, InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AuditFlags.Success));
// Subfolders and files only
fSecurity.AddAuditRule(new FileSystemAuditRule(account, FileSystemRights.WriteData | FileSystemRights.Delete | FileSystemRights.ChangePermissions, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AuditFlags.Success));
可以在 this very useful page by Michael Taylor 上找到此信息以及更多关于访问控制的信息.
关于c# - 如何以编程方式更改文件夹审核选项下的 "Applies To"字段 (.NET),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/16214024/