System.IO.File.SetAccessControl Method

Applies access control list (ACL) entries described by a System.Security.AccessControl.FileSecurity object to the specified file.


public static void SetAccessControl (string path, System.Security.AccessControl.FileSecurity fileSecurity)


A file to add or remove access control list (ACL) entries from.
A System.Security.AccessControl.FileSecurity object that describes an ACL entry to apply to the file described by the path parameter.


The File.SetAccessControl(string, System.Security.AccessControl.FileSecurity) method applies access control list (ACL) entries to a file that represents the noninherited ACL list.


The ACL specified for the fileSecurity parameter replaces the existing ACL for the file. To add permissions for a new user, use the erload:System.IO.File.GetAccessControl method to obtain the existing ACL, modify it, and then use File.SetAccessControl(string, System.Security.AccessControl.FileSecurity) to apply it back to the file.

An ACL describes individuals and/or groups who have, or do not have, rights to specific actions on the given file. For more information, see ACL Technology Overview and How to: Add or Remove an Access Control List Entry.

The File.SetAccessControl(string, System.Security.AccessControl.FileSecurity) method persists only System.Security.AccessControl.FileSecurity objects that have been modified after object creation.  If a System.Security.AccessControl.FileSecurity object has not been modified, it will not be persisted to a file.  Therefore, it is not possible to retrieve a System.Security.AccessControl.FileSecurity object from one file and reapply the same object to another file.

To copy ACL information from one file to another:

[The 'ordered' type of list has not been implemented in the ECMA stylesheet.]

In NTFS environments, System.Security.AccessControl.FileSystemRights.ReadAttributes and System.Security.AccessControl.FileSystemRights.ReadExtendedAttributes are granted to the user if the user has System.Security.AccessControl.FileSystemRights.ListDirectory rights on the parent folder. To deny System.Security.AccessControl.FileSystemRights.ReadAttributes and System.Security.AccessControl.FileSystemRights.ReadExtendedAttributes, deny System.Security.AccessControl.FileSystemRights.ListDirectory on the parent directory.


Namespace: System.IO
Assembly: mscorlib (in mscorlib.dll)
Assembly Versions:,
Since: .NET 2.0