Access Rules
- 3 minutes to read
This topic illustrates how to define security permissions for folders and files using a set of folder/file access rules (the FileManagerSettingsPermissions.AccessRules collection). When you index rules within a collection, it allows you to control the rule priority. A rule with a higher index has a higher priority.
Note
Refer to the Permissions topic for details on how to permit or deny access to individual files and folders, or to implement complicated user access logic.
Use the FileManagerFolderAccessRule and FileManagerFileAccessRule elements to set up access rules for folders (including their files and sub-folders) and individual files. The table below lists the access rule properties that are available for files and folders.
Rule Properties | File Access Rule | Folder Access Rule | Description |
---|---|---|---|
Path | + | + | A path to which the rule is applied |
Role | + | + | A role to which the rule is applied |
Browse | + | + | Permission to view a file/folder |
Download | + | - | Permission to download a file |
Edit | + | + | Permission to edit files/folders |
Edit Content | - | + | Permission to edit folder content (files within a folder) |
Upload | - | + | Permission to upload files to a folder |
The following Rights enumeration values determine permissions:
Value | Description | |
---|---|---|
Allow | Rights.Allow | The action is allowed within the access rule. |
Deny | Rights.Deny | The action is denied within the access rule. |
Default | Rights.Default | The action has the same permission as the current item (file or folder) parent element. It corresponds to the Rights.Allow permission if this value does not exist. |
You can associate access rules with specific security roles and group-related permissions. To do this, assign the role’s name to the rule’s Role property. Related access rules should be assigned to matching role names.
Use the FileManagerSettingsPermissions.Role property to apply a created role to the ASPxFileManager. Once you have applied the role, the file manager displays folders and files, and assigns access permissions to them based on the role.
Note
- ASPxFileManager does not allow users to edit a folder that contains files or folders with access denied by Access Rules.
- Define a separate rule (FileManagerFolderAccessRule, FileManagerFileAccessRule) for each operation (for example, Upload, Edit).
- The file or folder’s resulting access rule depends on the rule order in the FileManagerSettingsPermissions.AccessRules collection.
Examples
How to prohibit users from editing all files except for JPG files:
<dx:ASPxFileManager ID="ASPxFileManager1" runat="server">
<SettingsEditing AllowCreate="true" AllowDelete="true" AllowMove="true" AllowRename="true" />
<SettingsPermissions>
<AccessRules>
<dx:FileManagerFileAccessRule Edit="Deny" Path="*" />
<dx:FileManagerFileAccessRule Edit="Allow" Path="*.jpg" />
</AccessRules>
</SettingsPermissions>
</dx:ASPxFileManager>
How to prevent users from browsing the ‘Admin’ folder:
<dx:ASPxFileManager ID="ASPxFileManager1" runat="server">
<SettingsPermissions>
<AccessRules>
<dx:FileManagerFolderAccessRule Browse="Deny" Path="Admin" />
</AccessRules>
</SettingsPermissions>
</dx:ASPxFileManager>
How to prevent users from editing the ‘ReadOnly’ folder:
<dx:ASPxFileManager ID="ASPxFileManager1" runat="server">
<SettingsEditing AllowCreate="true" AllowDelete="true" AllowMove="true" AllowRename="true" />
<SettingsPermissions>
<AccessRules>
<dx:FileManagerFolderAccessRule Edit="Deny" Path="ReadOnly" />
</AccessRules>
</SettingsPermissions>
</dx:ASPxFileManager>
How to prevent users from uploading any folders except the ‘UploadFolder’ folder:
<dx:ASPxFileManager ID="ASPxFileManager1" runat="server">
<SettingsPermissions>
<AccessRules>
<dx:FileManagerFolderAccessRule Upload="Deny" Path="" />
<dx:FileManagerFolderAccessRule Upload="Allow" Path="UploadFolder" />
</AccessRules>
</SettingsPermissions>
</dx:ASPxFileManager>
How to prevent non-admin users from editing files:
<dx:ASPxFileManager ID="ASPxFileManager1" runat="server">
<SettingsPermissions>
<AccessRules>
<dx:FileManagerFolderAccessRule Edit="Deny" Path="" />
<dx:FileManagerFolderAccessRule Edit="Allow" Path="" Role="Admin" />
</AccessRules>
</SettingsPermissions>
</dx:ASPxFileManager>