[Expand]General Information
[Expand]WinForms Controls
[Collapse]ASP.NET Controls and MVC Extensions
 [Expand]What's Installed
 [Expand]Common Concepts
 [Collapse]ASP.NET WebForms Controls
   Getting Started
  [Expand]Grid View
  [Expand]Tree List
  [Expand]Card View
  [Expand]Chart Control
  [Expand]Pivot Grid
  [Expand]Rich Text Editor
  [Expand]Site Navigation and Layout
  [Expand]HTML Editor
  [Expand]Vertical Grid
  [Expand]Data Editors
  [Expand]Docking and Popups
  [Collapse]File Management
   [Expand]Product Information
   [Collapse]File Manager
     ASPxFileManager Overview
      View Modes
      Custom Columns
      Uploading Files
      File Download
      Context Menu
     [Collapse]Access Control Overview
       Access Rules
     [Expand]File System Providers
      Security Considerations
    [Expand]Visual Elements
    [Expand]Member Tables
   [Expand]File Upload
  [Expand]Data and Image Navigation
  [Expand]Multi-Use Site Controls
  [Expand]Spell Checker
  [Expand]Query Builder
 [Expand]ASP.NET MVC Extensions
 [Expand]Redistribution and Deployment
  Get More Help
 [Expand]API Reference
[Expand]ASP.NET Bootstrap Controls
[Expand]ASP.NET Core Bootstrap Controls
[Expand]WPF Controls
[Expand]Xamarin Controls
[Expand]Windows 10 App Controls
[Expand]Office File API
[Expand]Report and Dashboard Server
[Expand]eXpressApp Framework
[Expand]CodeRush Classic
[Expand]Cross-Platform Core Libraries
[Expand]Tools and Utilities
 End-User Documentation


This topic illustrates how to apply security permissions to ASPxFileManager's files and folders to deny or permit a user's access.


Refer to the Access Rules topic to permit or deny access to files and folders using predefined access rules.

File/folder permissions are used in the following cases:

  • To restrict access to an individual file/folder.
  • To implement a complicated logic for user access to files/folders when using Access Rules is not enough.

To define a user's access to individual files and folders, use a custom file system provider and the following method overloads:

The FileManagerFilePermissions and FileManagerFolderPermissions enumerations values determine file and folder permissions:

Permission File Folder Description
Default + + Access rules define File/Folder permissions.
Rename + + Permits renaming a file/folder.
Move + + Permits moving a file/folder.
Copy + + Permits copying a file/folder.
Delete + + Permits deleting a file/folder.
Download + - Permits downloading a file.
Create - + Permits creating a folder.
Upload - + Permits uploading a folder.
MoveOrCopyInto - + Permits moving or copying files and folders into the current folder.

To specify complicated security rules, combine permissions and access rules. Access rules are used to assign an access level to the whole file system or part of it. Permissions control files' and folders' security level.


Permissions have priority over access rules if both access rules and permissions are applied to a specific file/folder.

The following code sample illustrates how to restrict all editing operations for the whole provider's file system:

Unlike Access Rules, folder permissions are not applied to subfolders and files. For example, a user can delete a folder but cannot delete a file in this folder. If a user deletes the folder, the file deletion depends on the file system provider's DeleteFolder method implementation.

The permission mechanism does not allow displaying or hiding a folder/file like access rules (the Browse property). To implement this functionality using permissions, do not include these files/folders in the GetFiles/GetFolders functions' resulting values.

Online Example

Refer to the online example for details on how to create a custom FileSystem provider and assign permissions to each folder or file.

Is this topic helpful?​​​​​​​