What is a good way of checking to see if a particular user may access a particular file?

Question

I am working on application which runs as a special unprivileged user. I would like to be able to easily check to see if the user can read a given file. It seems like this should be easy, even when I go into the file in Windows Explorer and see that the read permission is checked, it sometimes seems that there is still something preventing the user from reading the file (such as a parent directory that the user cannot browse) when I try to read it as the user programmatically.

The user has no console logon permission, so I can't just log in as the user and try to read the file.

So...

If I want to know, "Does UserBob have access to file c:\specialPath\specialFile, what is an easy way to find out? BTW, my environment is Windows Server 2003.

UPDATE: To clarify, I want to do something like this:

if UserHasAccess(UserBob, @"c:\specialPath\specialFile")
{
 doStuff(); 
}
else
{
 // error handling
}

UPDATE:

I've received one answer suggesting that I simply try to open the file. The problem is that the code that opens the file runs under a special system account and is encapsulated in another library. Therefore, let me ask: how can I make my code that tries to open the file run as that special system account. Assume that I have administrator access to the machine the code will run on.

Answer 1

The easiest way to find out is just to try and open the file. If it fails then you didn't have access.

I assume what you're really trying to find out is why UserBob can't access the file. Unfortunately, there's not much you can do as UserBob to find out. In particular, it would be considered a disclosure of information vulnerability if were possible.

What you could do, as an Administrator, is enable auditing for that particular file. Right-click the file, select Security and go to the Auditing tab. Another option would be to use Process Monitor to monitor what's going on while the program is running.