Skip to main content


  • 3 minutes to read

This topic illustrates how to apply security permissions to ASPxFileManager’s files and folders to deny or permit a user’s access.


Refer to the following topic on how to use predefined access rules to permit or deny file and folder access: Access Rules.

File/folder permissions are used in the following cases:

  • To restrict access to an individual file/folder.
  • To implement a complicated logic for user access to files/folders when using Access Rules is not enough.

Use a custom file system provider and the following method overloads to define a user’s access to individual files and folders:

The FileManagerFilePermissions and FileManagerFolderPermissions enumeration values determine file and folder permissions:

Permission File Folder Description
Default + + Access rules define File/Folder permissions.
Rename + + Permits a user to rename a file/folder.
Move + + Permits a user to move a file/folder.
Copy + + Permits a user to copy a file/folder.
Delete + + Permits a user to delete a file/folder.
Download + - Permits a user to download a file.
Create - + Permits a user to create a folder.
Upload - + Permits a user to upload a folder.
MoveOrCopyInto - + Permits a user to move or copy files and folders to the current folder.

You can combine permissions and access rules to create complex security rules. Access rules are used to assign an access level to all or part of the file system. Permissions control the security level of files and folders.


Permissions have priority over access rules if both access rules and permissions are applied to a specific file/folder.

The following code sample illustrates how to restrict all editing operations for the whole provider’s file system:

        <dx:FileManagerFolderAccessRule Edit="Deny" />
        <dx:FileManagerFileAccessRule Path="*" Download="Deny" />

Unlike Access Rules, folder permissions are not applied to subfolders and files. For example, a user can delete a folder but cannot delete a file in this folder. If a user deletes the folder, the file deletion depends on the file system provider’s DeleteFolder method implementation.

The permission mechanism does not allow you to display or hide a folder/file like access rules (the Browse property). To implement this functionality with permissions, do not include these files/folders in the resulting values of the GetFiles/GetFolders functions.


Online Example Refer to the following example for details on how to create a custom FileSystem provider and assign permissions to each folder or file: ASPxFileManager - Implement custom FileSystem provider and set file/folder permissions.