AccessControlSetObjectSecurity Method (ConnectionId, SessionId, AccessControlSecurityInfoClass, String) Content Studio 5.7 SDK
Content Studio Web Content Management System

[This is preliminary documentation and is subject to change.]

Sets security information for an object

Namespace: ContentStudio.Security
Assembly: CSServer5 (in CSServer5.dll) Version: 5.7.5016.0 (5.7.5016.0)

public void SetObjectSecurity(
	ConnectionId connectionId,
	SessionId sessionId,
	AccessControlSecurityInfoClass infoClass,
	string securityInfoXml


Type: ContentStudioConnectionId
A value that identifies the web site
Type: ContentStudio.SecuritySessionId
A value that identifies the user's session. This value usually originates from a call to OpenSession(ConnectionId).
Type: ContentStudio.SecurityAccessControlSecurityInfoClass
The type of information to update.
Type: SystemString
An XML document that contains the security information to update. This document must be valid against the Content Studio security descriptor schema and is typically retrieved by a call to the GetSecurityInformation method.

CSExceptionA business rule was violated in the underlying Content Studio database
SqlExceptionAn error occurred when executing the command against the Content Studio database
XmlExceptionThe security descriptor is invalid.
Content Studio permissions

Admin permission on the object is required in order to change permissions. To take ownership the caller must have either GlobalGroupAdmin right or TakeOwnership permission on the object in question.

The following code shows how to set permissions to a Content Studio object (error handling is omitted in this example).
Observe how the well-known group Everyone is created in the sample. Never rely on the name of any well-known principal; those names are localized and differ between different language versions of the operating system.

using System;
using System.Xml;
using System.Text;
using System.Security.Principal;
using System.Security.AccessControl;
using ContentStudio;
using ContentStudio.Security;
using ContentStudio.Security.AccessControlEdit;

public class TheClass
    public void Main()
        const int CONNECTION_ID = 1;
        //Create a new session.
        SessionManager sman = new SessionManager();
        int SessionID = sman.OpenSession(CONNECTION_ID);
        ContentStudio.Security.AccessControl acc = new AccessControl();
        //Get the security descriptor on document id 2558.
        string sd = acc.GetObjectSecurity(CONNECTION_ID,
        Use the new ContentStudio.Security.AccessControlEdit.CSSecurityDescriptor object.
        This document does not get executed over remoting.
        CSSecurityDescriptor secDesc = new CSSecurityDescriptor(sd);
        Add two new permission entries with the AddAccess method on the DiscretionaryAccessControlList
        of the CSSecurityDescriptor object.  Let's use Everyone - read, and CONTENTSTUDIO\Editors - modify.
        SecurityIdentifier SID = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
                                                         CSObjectPermissions.Read ,
        const CSObjectPermissions MODIFY = CSObjectPermissions.Write | 
                                           CSObjectPermissions.Create | 
                                           CSObjectPermissions.Read | 
        A SecurityIdentifier can also be created if you have the user name in the 
        format Domain\Username or the UPN-format (e.g.
        NTAccount acc = new NTAccount("CONTENTSTUDIO\\Editors");
        //Translate to a SecurityIdentifier
        SID = (SecurityIdentifier)acc.Translate(typeof(SecurityIdentifier));
        //Get the the security descriptor in the Xml format.
        StringBuilder sbu = new StringBuilder();
        using(var xWriter = XmlWriter.Create(sbu))
        sd = sbu.ToString();
        //Save the security back to the object that provided it.
        acc.SetObjectSecurity(CONNECTION_ID, SessionID, AccessControl.SecurityInfoClass.DACL, sd);
Taking the ownership of an object can be done by directly manipulating the security descriptor and the ownersid field as the following code snippet shows.

You can only take ownership, never give it away to someone else. Also in order to take ownership you must have SetOwnerShip permission or be a member in a group that has the GlobalGroupAdmin rights defined.
    const int CS_STARTPAGE = 1003;
    AccessControl acc = new AccessControl();
    XmlDocument dom = new XmlDocument();
    dom.LoadXml(acc.GetObjectSecurity(CS_ConnectionId, CS_UserSessionId, CS_STARTPAGE, CSSecurableObjects.DocumentItem));
    //Get the sid of the calling user
    SecurityIdentifier sid = WindowsIdentity.GetCurrent().User;
    //Change the owner by manipulating the security descriptor xml directly!
    dom.DocumentElement.SelectSingleNode("ownersid").InnerText = sid.Value;
    //save the security descriptor back to the object indicating that we like to set the owner information
    acc.SetObjectSecurity(CS_ConnectionId, CS_UserSessionId, AccessControl.SecurityInfoClass.Owner, dom.OuterXml);
    Response.Write("The owner has been changed");
catch (Exception ex)
See Also