Microsoft DOS cacls command

Quick links

About cacls
Cacls Syntax

About cacls

The cacls command enables a user to view and modify the ACLs of a file. If you're wanting to change the read/write, hidden, system settings of the file see the attrib command.


The cacls.exe command is an external command and is available in the below Microsoft operating systems.

Windows NT
Windows 2000
Windows XP
Windows Vista
Windows 7


Displays or modifies access control lists (ACLs) of files

CACLS filename [/T] [/E] [/C] [/G user:perm] [/R user [...]] [/P user:perm [...]] [/D user [...]]

filename Displays ACLs.
/T Changes ACLs of specified files in the current directory and all subdirectories.
/E Edit ACL instead of replacing it.
/C Continue on access denied errors.
/G user:perm Grant specified user access rights.
Perm can be: R Read
W Write
C Change (write)
F Full control
/R user Revoke specified user's access rights (only valid with /E).
/P user:perm Replace specified user's access rights.
Perm can be: N None


W Write
C Change (write)
F Full control
/D user Deny specified user access.

Wildcards can be used to specify more that one file in a command. You can specify more than one user in a command.


cacls myfile.txt

Displays the ACLs for the myfile.txt file. Below is an example of what this may look like.

BUILTIN\Power Users:C

cacls myfile.txt /e /g mrhope:f

Grants the user "mrhope" full rights to the myfile.txt file. If user was to look at the ACLs again using the above command, they would now see that the mrhope user is in the list.

Additional information

  • See our ACL definition for further information and related links on this term.