Displays or modifies discretionary access control lists (DACL) on specified files.
cacls <filename> [/t] [/m] [/l] [/s[:sddl]] [/e] [/c] [/g user:<perm>] [/r user [...]] [/p user:<perm> [...]] [/d user [...]]
|
Parameter
|
Description
|
|
<filename>
|
Required. Displays ACLs of specified files.
|
|
/t
|
Changes ACLs of specified files in the current directory and all subdirectories.
|
|
/m
|
Changes ACLs of volumes mounted to a directory.
|
|
/l
|
Work on the Symbolic Link itself versus the target.
|
|
/s:sddl
|
Replaces the ACLs with those specified in the SDDL string (not valid with /e, /g, /r, /p, or /d).
|
|
/e
|
Edit ACL instead of replacing it.
|
|
/c
|
Continue on access denied errors.
|
|
/g user:<perm>
|
Grant specified user access rights.
Valid values for permission:
|
Value
|
Description
|
|
n
|
none
|
|
r
|
read
|
|
w
|
write
|
|
c
|
change (write)
|
|
f
|
full control
|
|
|
/r user [...]
|
Revoke specified user's access rights (only valid with /e).
|
|
[/p user:<perm> [...]
|
Replace specified user's access rights.
Valid values for permission:
|
Value
|
Description
|
|
n
|
none
|
|
r
|
read
|
|
w
|
write
|
|
c
|
change (write)
|
|
f
|
full control
|
|
|
[/d user [...]
|
Deny specified user access.
|
|
/?
|
Displays help at the command prompt.
|
-
This command has been deprecated. Please use Icacls instead.
-
Use the following table to interpret the results:
|
Output
|
Access control entry (ACE) applies to
|
|---|
OI | Object inherit. This folder and files. |
CI | Container inherit. This folder and subfolders. |
IO | Inherit only. The ACE does not apply to the current file/directory. |
No output message | This folder only. |
(OI)(CI) | This folder, subfolders, and files. |
(OI)(CI)(IO) | Subfolders and files only. |
(CI)(IO) | Subfolders only. |
(OI)(IO) | Files only. |
-
You can use wildcards (? and *) to specify multiple files.
-
You can specify more than one user.