System.IO.Directory.SetAccessControl Method

Applies access control list (ACL) entries described by a System.Security.AccessControl.DirectorySecurity object to the specified directory.


public static void SetAccessControl (string path, System.Security.AccessControl.DirectorySecurity directorySecurity)


A directory to add or remove access control list (ACL) entries from.
A System.Security.AccessControl.DirectorySecurity object that describes an ACL entry to apply to the directory described by the path parameter.


The Directory.SetAccessControl(string, System.Security.AccessControl.DirectorySecurity) method applies access control list (ACL) entries to a file that represents the noninherited ACL list.


The ACL specified for the directorySecurity parameter replaces the existing ACL for the directory. To add permissions for a new user, use the erload:System.IO.Directory.GetAccessControl method to obtain the existing ACL and modify it.

An ACL describes individuals and/or groups who have, or do not have, rights to specific actions on the given file or directory. For more information, see ACL Technology Overview and How to: Add or Remove an Access Control List Entry.

The Directory.SetAccessControl(string, System.Security.AccessControl.DirectorySecurity) method persists only System.Security.AccessControl.DirectorySecurity objects that have been modified after object creation.  If a System.Security.AccessControl.DirectorySecurity object has not been modified, it will not be persisted to a file.  Therefore, it is not possible to retrieve a System.Security.AccessControl.DirectorySecurity object from one file and reapply the same object to another file.

To copy ACL information from one file to another:

[The 'ordered' type of list has not been implemented in the ECMA stylesheet.]

In NTFS environments, System.Security.AccessControl.FileSystemRights.ReadAttributes and System.Security.AccessControl.FileSystemRights.ReadExtendedAttributes are granted to the user if the user has System.Security.AccessControl.FileSystemRights.ListDirectory rights on the parent folder. To deny System.Security.AccessControl.FileSystemRights.ReadAttributes and System.Security.AccessControl.FileSystemRights.ReadExtendedAttributes, deny System.Security.AccessControl.FileSystemRights.ListDirectory on the parent directory.


Namespace: System.IO
Assembly: mscorlib (in mscorlib.dll)
Assembly Versions:,
Since: .NET 2.0