public void AddGroup_UsersRead() { using (var cleaner = new TestFileCleaner()) { using (var handle = Storage.CreateFile(cleaner.GetTestPath(), CreationDisposition.CreateNew, DesiredAccess.GenericReadWrite | DesiredAccess.WriteDac)) { handle.IsInvalid.Should().BeFalse(); SID usersGroup = Security.CreateWellKnownSid(WellKnownSID.Users); handle.ChangeAccess(usersGroup, FileAccessRights.GenericRead, AccessMode.Grant); using (SecurityDescriptor descriptor = Storage.GetAccessControlList(handle)) { List <ExplicitAccess> access = descriptor.GetExplicitEntriesFromAcl().ToList(); access.Count.Should().Be(1); ExplicitAccess ea = access[0]; // Here you can see what the generic rights get translated to ((FileAccessRights)ea.Permissions).Should() .Be(FileAccessRights.ReadData | FileAccessRights.ReadAttributes | FileAccessRights.ReadExtendedAttributes | FileAccessRights.Synchronize | FileAccessRights.ReadControl); ea.Inheritance.Should().Be(Inheritance.NoInheritance); ea.Mode.Should().Be(AccessMode.Grant); } } } }
public void GetDiscrectionaryAclForCreatedFile() { using (var cleaner = new TestFileCleaner()) { using (var handle = Storage.CreateFile(cleaner.GetTestPath(), CreationDisposition.CreateNew)) { handle.IsInvalid.Should().BeFalse(); using (SecurityDescriptor descriptor = Storage.GetAccessControlList(handle)) { List <ExplicitAccess> access = descriptor.GetExplicitEntriesFromAcl().ToList(); access.Count.Should().Be(0); } } } }