Introduction
The other day, I went to go use the FileSystemRights enum and quickly got confused with all the different kinds of Windows file permissions - I'm pretty sure I'm not alone. Some of the enums only have a single permission flag while others contain multiple flags. I hope this short reference will help understand the breakdown.
Enumerating the Enum
To generate a list of flags that make up FileSystemRights, the following was used:
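    // Requires: using System; using System.Security.AccessControl;
    foreach (var f in Enum.GetValues(typeof(FileSystemRights)))
    {
        // Right-aligned flag name, followed by its value as a 32-digit binary string
        Console.WriteLine(f.ToString().PadLeft(28) + Convert.ToString((int)f, 2).PadLeft(32, '0'));
    }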
The output:
(diagram 1)
Some values appear to be displayed twice, but that is a side effect of the generating code: some items have the same bit flag, and when ToString() looks them up it returns the first match. For example, ReadData and ReadDataListDirectory are both listed with the value 1. This is cleaned up in the next table as "ReadDataListDirectory/ReadData".
Cleaning up the table
Here is a beautified version of the above: (Removed empty columns, rearranged, combined duplicates, added headers, and highlighted for optimal viewing.)
(diagram 2)
From the above table, we can see that there are individual distinct permissions (bottom 13 rows), and sets of permissions (top 5 rows).
Summarizing the Sets
Here are all the 17 different enumerations for FileSystemRights. On the left are the distinct values and on the right are friendly multi-flag sets.
(diagram 3)
Read and Write contain an independent set of permissions - nothing is related. ReadAndExecute is the same as Read but with Execute as well. Modify basically contains Write + ReadAndExecute + Delete. And finally there is FullControl, which has everything. FullControl is like Modify but also adds DeleteSubdirectoriesAndFiles + ChangePermissions + TakeOwnership + [one more unknown bit].
For most needs, the multi-flag sets (Write, Read, ReadAndExecute, Modify, and FullControl) will be all that is needed. However, for more advanced needs, flags can be OR-ed together (e.g. Read | Delete).
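The breakdown above can also be done in code. This is an added example, not code from the original article: it splits any FileSystemRights mask into its single-bit flags, groups names that share a value, and lists which flags go beyond the Modify set. The class and method names (RightsBreakdown, Decompose, BeyondModify) and the sample masks are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.AccessControl;

static class RightsBreakdown
{
    // Single-bit value -> every name sharing it, joined with "/", which avoids
    // the "first match" effect of ToString() described above.
    static readonly Dictionary<int, string> SingleBitNames =
        Enum.GetNames(typeof(FileSystemRights))
            .Select(n => new { Name = n, Value = (int)(FileSystemRights)Enum.Parse(typeof(FileSystemRights), n) })
            .Where(x => x.Value != 0 && (x.Value & (x.Value - 1)) == 0) // exactly one bit set
            .GroupBy(x => x.Value)
            .ToDictionary(g => g.Key, g => string.Join("/", g.Select(x => x.Name)));

    // Split a mask into individual flags; a bit with no single-flag name is shown in hex.
    public static List<string> Decompose(FileSystemRights mask)
    {
        var parts = new List<string>();
        for (int bit = 0; bit < 32; bit++)
        {
            int value = 1 << bit;
            if (((int)mask & value) == 0) continue;
            parts.Add(SingleBitNames.TryGetValue(value, out var name) ? name : "0x" + value.ToString("X"));
        }
        return parts;
    }

    // Flags in the mask that the Modify set does not already contain.
    public static List<string> BeyondModify(FileSystemRights mask) =>
        Decompose(mask & ~FileSystemRights.Modify);

    static void Main()
    {
        // Constructed sample masks, not read from a real ACL.
        var samples = new[]
        {
            FileSystemRights.Read | FileSystemRights.Delete,
            FileSystemRights.Modify,
            FileSystemRights.Modify | FileSystemRights.ChangePermissions,
        };
        foreach (var mask in samples)
        {
            Console.WriteLine($"0x{(int)mask:X8} = {string.Join(" | ", Decompose(mask))}");
            Console.WriteLine($"    beyond Modify: {string.Join(" | ", BeyondModify(mask))}");
        }
    }
}
```

When reviewing an access rule, a non-empty "beyond Modify" list is a quick sign that the rule grants more than the usual read/write/delete set.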
Points of Interest
- The permissions match up with Windows NTFS - to be expected I guess. There are 14 distinct flags in FileSystemRights ([full] not shown) and in Explorer's permissions there are 14 as well. Furthermore, with the exception of Special Permissions, there are also the same 5 permission sets. FullControl has one additional flag set with no matching individual flag (see diagram 2).