Determining security on existing folders and files

[rbsorensen]

Hi

I'm creating a web activeX dll that potentially provides access to files in a fixed range of folders.

My question is: how do I determine the access rights for a given NT username on directories and files? I need to know if the user can read, write, or has no access at all to both files and folders.

I've seen code samples for adding access rights but not for checking them.

Thanks for your help.

[jim mcnamara]

How about GetFileSecurity?

It works in the context of the user's privs. Here is a rather lengthy example that shows almost every file-related security api. You can just cut & paste what you need. It starts by getting file security.

http://support.microsoft.com/default...;EN-US;q240176

[rbsorensen]

Thanks for the response.

I have seen this article. The problem is that the example doesn't show you how to check to see if the user's SID is contained in the file or directory's ACL. When the logic contructs the new ACL, it doesn't check to see if an entry for the user is already present, at least not that I can see.

Furthermore this example requires administrator rights, and when I looked up the GetFileSecurity routine on MSDN, it indicated that you need to be the administrator or owner of the file/directory in order to obtain DACL information.

I need a function that can run under the context of any user, that can determine the access rights of that user to a series of files and directories.

Rich Sorensen