CACLS allows you to modify ACL rights.
CACLS used to modify ACL rights on files and folders for users and groups on the local computer.
Syntax
Cacls Path Options
Options
filename | Displays ACLs. |
/T | Changes ACLs of specified files in the current directory and all subdirectories. |
/L | Work on the Symbolic Link itself versus the target |
/M | Changes ACLs of volumes mounted to a directory |
/S | Displays the SDDL string for the DACL. |
/S:SDDL | Replaces the ACLs with those specified in the SDDL string (not valid with /E, /G, /R, /P, or /D). |
/E | Edit ACL instead of replacing it. |
/C | Continue on access denied errors. |
/G user:perm | Grant specified user access rights. Perm can be: R Read W Write C Change (write) F Full control |
/R user | Revoke specified user’s access rights (only valid with /E). |
/P user:perm | Replace specified user’s access rights. Perm can be: N None R Read W Write C Change (write) F Full control |
/D user | Deny specified user access. |
Abbreviations: | ||
CI | – | Container Inherit. The ACE will be inherited by directories. |
OI | – | Object Inherit. The ACE will be inherited by files. |
IO | – | Inherit Only. The ACE does not apply to the current file/directory. |
ID | – | Inherited. The ACE was inherited from the parent directory’s ACL. |
Example
this command will grant permission read only to specified user.
CACLS filename /g username:R
This command will grant Full permission to specified user.
CACLS filename /g username:F