SetConnect

AddAccessRule

File::AddAccessRule
Description

Add a FileSystemRights access rule to a file or directory.

Optional: the command can be run with the credentials of a different account.
Note: when credentials are set, they must conform to the LogonUser Windows API.

Options
File or Directory

The file or directory to which the access rule must be added.

Identity
The Windows username to which the rule must be applied.
FileSystemRights

The rights to set on the file or directory.

InheritanceFlags

None
The ACE is not inherited by child objects.

ContainerInherit
The ACE is inherited by child container objects.

ObjectInherit
The ACE is inherited by child leaf objects.

PropagationFlags

None
Specifies that no inheritance flags are set.

NoPropagateInherit
Specifies that the ACE is not propagated to child objects.

InheritOnly
Specifies that the ACE is propagated only to child objects. This includes both container and leaf child objects.

 
AccessControlType

Allow
The AccessRule object is used to allow access to a secured object.

Deny
The AccessRule object is used to deny access to a secured object.

Domain
Optional: domain name for the credentials used to set the access rule.
Username
Optional: username for the credentials used to set the access rule.
Password
Optional: password for the credentials used to set the access rule.
LogonType

Interactive
This logon type is intended for users who will be interactively using the computer, such as a user being logged on by a terminal server, remote shell, or similar process. This logon type has the additional expense of caching logon information for disconnected operations; therefore, it is inappropriate for some client/server applications, such as a mail server.

Network
This logon type is intended for high performance servers to authenticate plaintext passwords. The LogonUser function does not cache credentials for this logon type.

Batch
This logon type is intended for batch servers, where processes may be executing on behalf of a user without their direct intervention. This type is also for higher performance servers that process many plaintext authentication attempts at a time, such as mail or web servers.

Service
Indicates a service-type logon. The account provided must have the service privilege enabled.

NetworkCleartext
This logon type preserves the name and password in the authentication package, which allows the server to make connections to other network servers while impersonating the client. A server can accept plaintext credentials from a client, call LogonUser, verify that the user can access the system across the network, and still communicate with other servers.

NewCredentials
This logon type allows the caller to clone its current token and specify new credentials for outbound connections. The new logon session has the same local identifier but uses different credentials for other network connections.
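The Identity, FileSystemRights, InheritanceFlags, PropagationFlags and AccessControlType options above carry the same names as the .NET `FileSystemAccessRule` parameters. The following PowerShell is an added example, not SetConnect's own code: it builds such a rule and reads the explicit ACEs back to confirm what was written. The function name `Add-VerifiedAccessRule` and the scratch directory are hypothetical, and the mapping from this command to .NET is an assumption.

```powershell
# Added example (hypothetical helper, not part of SetConnect).
function Add-VerifiedAccessRule {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Identity,
        [Parameter(Mandatory)] [System.Security.AccessControl.FileSystemRights] $Rights,
        [System.Security.AccessControl.InheritanceFlags]  $Inheritance = 'None',
        [System.Security.AccessControl.PropagationFlags]  $Propagation = 'None',
        [System.Security.AccessControl.AccessControlType] $Type = 'Allow'
    )

    # A file has no child objects, so inheritance and propagation only apply to directories.
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        $Inheritance = 'None'
        $Propagation = 'None'
    }

    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity, $Rights, $Inheritance, $Propagation, $Type)

    $acl = Get-Acl -LiteralPath $Path
    $acl.AddAccessRule($rule)          # may merge with an existing ACE for the same identity
    Set-Acl -LiteralPath $Path -AclObject $acl

    # Compare by SID so 'user' and 'DOMAIN\user' spellings resolve to the same account.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $sid = $rule.IdentityReference.Translate($sidType).Value

    # Read back explicit (non-inherited) ACEs only and return those for this identity.
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $false, $sidType) |
        Where-Object { $_.IdentityReference.Value -eq $sid } |
        Select-Object IdentityReference, FileSystemRights, AccessControlType,
                      InheritanceFlags, PropagationFlags
}

# Constructed sample input: a scratch directory and the current user.
$dir = Join-Path $env:TEMP 'acl-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

# Allow Read on children only: both inheritance flags plus InheritOnly.
Add-VerifiedAccessRule -Path $dir -Identity $me -Rights Read `
    -Inheritance 'ContainerInherit, ObjectInherit' -Propagation InheritOnly
```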

 
