Hi,

>I tried this function but it doesn't seem to work. I have only read access to a directory on the network drive and when I tried ? hasaccess('w:\directory\','W'), it return .T.

That's admittedly confusing, but still the correct behavior.

AccessCheck uses two components to perform an access check. For one, it uses your local token. A token defines group membership and privileges on one machine. The second part is a security descriptor. That's a list of grant or deny permissions for a group or a user. The security descriptor is stored along with the file on NTFS shares.

If you call AccessCheck with a network share, the security descriptor origins from the server, while the user token comes from your local machine. Hence, AccessCheck evaluates the remote file privileges as if the file was a local file. This has impact on two different aspects. For one, permissions on the network share are completely ignored. Secondly, there might be issues with file security. For instance, if the security descriptor gives write-access to interactively logged on users, you get .T. back, because on your own machine you are likely an interactively logged on user.

Obtaining reliable information for remote files is not easy. There are too many parts interfering here. For one, you have file access security that must be evaluated using a token that origins on the same machine as the file. Additionally, you have network share permissions which are overlayed with file access permissions, but are not part of the security descriptor of a file. Finally, there are policies that grant you less permissions when you log onto a server than your account actually has. A true security check would require you to check all these. Yet, some of these information are only available to administrators.