EldoS | Feel safer!

Software components for data protection, secure storage and transfer

How to allow only read permissions based on some condition

Also by EldoS: CallbackProcess
A component to control process creation and termination in Windows and .NET applications.
Posted: 07/17/2008 10:53:40
by Devesh Mittal (Basic support level)
Joined: 07/11/2008
Posts: 8


I want to allow only read access to certain files based on some conditions.

I have tried following things and faced the problems.

1. Setting ProcessRequest = false in CbFltWriteFileC

Problem:: It doesn't work at all. Some time windows shows errors but file is always saved.

2. Removing write and modify access rules from file in CbFltPostOpenFileC and CbFltOpenFileN

Problem:: It works for some editors ( they are able to open file but not modify and save any thing) But for some editor ( for example Microsoft word ), it doesn't work. Ms word is able to save the changes.

Can you please suggest a proper apporach?


Here is the code for removing write access rules:

FileSecurity sec = File.GetAccessControl(FileName);
WindowsIdentity self = System.Security.Principal.WindowsIdentity.GetCurrent();
FileSystemAccessRule rule1 = new FileSystemAccessRule(self.Name, FileSystemRights.WriteData, AccessControlType.Allow);
FileSystemAccessRule rule2 = new FileSystemAccessRule(self.Name, FileSystemRights.Write, AccessControlType.Allow);
FileSystemAccessRule rule3 = new FileSystemAccessRule(self.Name, FileSystemRights.Modify, AccessControlType.Allow);


File.SetAccessControl(FileName, sec);

Posted: 07/18/2008 14:48:01
by Vladimir Cherniga (EldoS Corp.)

If static rule "ReadOnly" don't satisfy your conditions add the next code to the PreOpenFile callback

    if(DesiredAccess & FILE_WRITE_DATA) {
        *Accepted = FALSE;
    else {
        *Accepted = TRUE;



Topic viewed 2606 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!