Early Preview
This is currently very much a preview. Please feel free to try things out,
but don't be upset if anything is not yet working. Feedback is welcome over on our
GitHub Dicussions page.
class System.Security.AccessControl.ObjectSecurity
Assembly: System.Security.AccessControl
Inheritance: object → ObjectSecurity
Provides the ability to control access to objects without direct manipulation of Access Control Lists (ACLs). This class is the abstract base class for the <see cref="T:System.Security.AccessControl.CommonObjectSecurity" /> and <see cref="T:System.Security.AccessControl.DirectoryObjectSecurity" /> classes.
Properties
public
Type
AccessRightType
Gets the <see cref="T:System.Type" /> of the securable object associated with this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object.
protected
bool
AccessRulesModified
Gets or sets a Boolean value that specifies whether the access rules associated with this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object have been modified.
public
Type
AccessRuleType
Gets the <see cref="T:System.Type" /> of the object associated with the access rules of this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object. The <see cref="T:System.Type" /> object must be an object that can be cast as a <see cref="T:System.Security.Principal.SecurityIdentifier" /> object.
public
bool
AreAccessRulesCanonical
Gets a Boolean value that specifies whether the access rules associated with this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object are in canonical order.
public
bool
AreAccessRulesProtected
Gets a Boolean value that specifies whether the Discretionary Access Control List (DACL) associated with this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object is protected.
public
bool
AreAuditRulesCanonical
Gets a Boolean value that specifies whether the audit rules associated with this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object are in canonical order.
public
bool
AreAuditRulesProtected
Gets a Boolean value that specifies whether the System Access Control List (SACL) associated with this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object is protected.
protected
bool
AuditRulesModified
Gets or sets a Boolean value that specifies whether the audit rules associated with this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object have been modified.
public
Type
AuditRuleType
Gets the <see cref="T:System.Type" /> object associated with the audit rules of this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object. The <see cref="T:System.Type" /> object must be an object that can be cast as a <see cref="T:System.Security.Principal.SecurityIdentifier" /> object.
protected
bool
GroupModified
Gets or sets a Boolean value that specifies whether the group associated with the securable object has been modified.
protected
bool
IsContainer
Gets a Boolean value that specifies whether this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object is a container object.
protected
bool
IsDS
Gets a Boolean value that specifies whether this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object is a directory object.
protected
bool
OwnerModified
Gets or sets a Boolean value that specifies whether the owner of the securable object has been modified.
protected
CommonSecurityDescriptor
SecurityDescriptor
Gets the security descriptor for this instance.
Methods
public
AccessRule
AccessRuleFactory(Principal.IdentityReference identityReference,
int accessMask,
bool isInherited,
InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags,
AccessControlType type)
Initializes a new instance of the <see cref="T:System.Security.AccessControl.AccessRule" /> class with the specified values.
Returns The <see cref="T:System.Security.AccessControl.AccessRule" /> object that this method creates.
identityReference
The identity to which the access rule applies. It must be an object that can be cast as a <see cref="T:System.Security.Principal.SecurityIdentifier" /> .
accessMask
The access mask of this rule. The access mask is a 32-bit collection of anonymous bits, the meaning of which is defined by the individual integrators.
isInherited
true if this rule is inherited from a parent container.
inheritanceFlags
Specifies the inheritance properties of the access rule.
propagationFlags
Specifies whether inherited access rules are automatically propagated. The propagation flags are ignored if <paramref name="inheritanceFlags" /> is set to <see cref="F:System.Security.AccessControl.InheritanceFlags.None" /> .
type
Specifies the valid access control type.
public
AuditRule
AuditRuleFactory(Principal.IdentityReference identityReference,
int accessMask,
bool isInherited,
InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags,
AuditFlags flags)
Initializes a new instance of the <see cref="T:System.Security.AccessControl.AuditRule" /> class with the specified values.
Returns The <see cref="T:System.Security.AccessControl.AuditRule" /> object that this method creates.
identityReference
The identity to which the audit rule applies. It must be an object that can be cast as a <see cref="T:System.Security.Principal.SecurityIdentifier" /> .
accessMask
The access mask of this rule. The access mask is a 32-bit collection of anonymous bits, the meaning of which is defined by the individual integrators.
isInherited
<see langword="true" /> if this rule is inherited from a parent container.
inheritanceFlags
Specifies the inheritance properties of the audit rule.
propagationFlags
Specifies whether inherited audit rules are automatically propagated. The propagation flags are ignored if <paramref name="inheritanceFlags" /> is set to <see cref="F:System.Security.AccessControl.InheritanceFlags.None" /> .
flags
Specifies the conditions for which the rule is audited.
public
Principal.IdentityReference
GetGroup(Type targetType)
Gets the primary group associated with the specified owner.
Returns The primary group associated with the specified owner.
targetType
The owner for which to get the primary group.
public
Principal.IdentityReference
GetOwner(Type targetType)
Gets the owner associated with the specified primary group.
Returns The owner associated with the specified group.
targetType
The primary group for which to get the owner.
public
byte[]
GetSecurityDescriptorBinaryForm()
Returns an array of byte values that represents the security descriptor information for this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object.
Returns An array of byte values that represents the security descriptor for this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object. This method returns <see langword="null" /> if there is no security information in this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object.
public
string
GetSecurityDescriptorSddlForm(AccessControlSections includeSections)
Returns the Security Descriptor Definition Language (SDDL) representation of the specified sections of the security descriptor associated with this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object.
Returns The SDDL representation of the specified sections of the security descriptor associated with this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object.
includeSections
Specifies which sections (access rules, audit rules, primary group, owner) of the security descriptor to get.
public static
bool
IsSddlConversionSupported()
Returns a Boolean value that specifies whether the security descriptor associated with this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object can be converted to the Security Descriptor Definition Language (SDDL) format.
Returns <see langword="true" /> if the security descriptor associated with this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object can be converted to the Security Descriptor Definition Language (SDDL) format; otherwise, <see langword="false" /> .
protected
bool
ModifyAccess(AccessControlModification modification,
AccessRule rule,
Boolean& modified)
public
bool
ModifyAccessRule(AccessControlModification modification,
AccessRule rule,
Boolean& modified)
protected
bool
ModifyAudit(AccessControlModification modification,
AuditRule rule,
Boolean& modified)
public
bool
ModifyAuditRule(AccessControlModification modification,
AuditRule rule,
Boolean& modified)
protected
void
Persist(bool enableOwnershipPrivilege,
string name,
AccessControlSections includeSections)
Saves the specified sections of the security descriptor associated with this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object to permanent storage. We recommend that the values of the <paramref name="includeSections" /> parameters passed to the constructor and persist methods be identical.
enableOwnershipPrivilege
<see langword="true" /> to enable the privilege that allows the caller to take ownership of the object.
name
The name used to retrieve the persisted information.
includeSections
One of the <see cref="T:System.Security.AccessControl.AccessControlSections" /> enumeration values that specifies the sections of the security descriptor (access rules, audit rules, owner, primary group) of the securable object to save.
protected
void
Persist(Runtime.InteropServices.SafeHandle handle,
AccessControlSections includeSections)
Saves the specified sections of the security descriptor associated with this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object to permanent storage. We recommend that the values of the <paramref name="includeSections" /> parameters passed to the constructor and persist methods be identical.
handle
The handle used to retrieve the persisted information.
includeSections
One of the <see cref="T:System.Security.AccessControl.AccessControlSections" /> enumeration values that specifies the sections of the security descriptor (access rules, audit rules, owner, primary group) of the securable object to save.
protected
void
Persist(string name,
AccessControlSections includeSections)
Saves the specified sections of the security descriptor associated with this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object to permanent storage. We recommend that the values of the <paramref name="includeSections" /> parameters passed to the constructor and persist methods be identical.
name
The name used to retrieve the persisted information.
includeSections
One of the <see cref="T:System.Security.AccessControl.AccessControlSections" /> enumeration values that specifies the sections of the security descriptor (access rules, audit rules, owner, primary group) of the securable object to save.
public
void
PurgeAccessRules(Principal.IdentityReference identity)
Removes all access rules associated with the specified <see cref="T:System.Security.Principal.IdentityReference" /> .
identity
The <see cref="T:System.Security.Principal.IdentityReference" /> for which to remove all access rules.
public
void
PurgeAuditRules(Principal.IdentityReference identity)
Removes all audit rules associated with the specified <see cref="T:System.Security.Principal.IdentityReference" /> .
identity
The <see cref="T:System.Security.Principal.IdentityReference" /> for which to remove all audit rules.
protected
void
ReadLock()
Locks this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object for read access.
protected
void
ReadUnlock()
Unlocks this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object for read access.
public
void
SetAccessRuleProtection(bool isProtected,
bool preserveInheritance)
Sets or removes protection of the access rules associated with this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object. Protected access rules cannot be modified by parent objects through inheritance.
isProtected
<see langword="true" /> to protect the access rules associated with this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object from inheritance; <see langword="false" /> to allow inheritance.
preserveInheritance
<see langword="true" /> to preserve inherited access rules; <see langword="false" /> to remove inherited access rules. This parameter is ignored if <paramref name="isProtected" /> is <see langword="false" /> .
public
void
SetAuditRuleProtection(bool isProtected,
bool preserveInheritance)
Sets or removes protection of the audit rules associated with this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object. Protected audit rules cannot be modified by parent objects through inheritance.
isProtected
<see langword="true" /> to protect the audit rules associated with this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object from inheritance; <see langword="false" /> to allow inheritance.
preserveInheritance
<see langword="true" /> to preserve inherited audit rules; <see langword="false" /> to remove inherited audit rules. This parameter is ignored if <paramref name="isProtected" /> is <see langword="false" /> .
public
void
SetGroup(Principal.IdentityReference identity)
Sets the primary group for the security descriptor associated with this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object.
identity
The primary group to set.
public
void
SetOwner(Principal.IdentityReference identity)
Sets the owner for the security descriptor associated with this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object.
identity
The owner to set.
public
void
SetSecurityDescriptorBinaryForm(byte[] binaryForm)
Sets the security descriptor for this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object from the specified array of byte values.
binaryForm
The array of bytes from which to set the security descriptor.
public
void
SetSecurityDescriptorBinaryForm(byte[] binaryForm,
AccessControlSections includeSections)
Sets the specified sections of the security descriptor for this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object from the specified array of byte values.
binaryForm
The array of bytes from which to set the security descriptor.
includeSections
The sections (access rules, audit rules, owner, primary group) of the security descriptor to set.
public
void
SetSecurityDescriptorSddlForm(string sddlForm)
Sets the security descriptor for this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object from the specified Security Descriptor Definition Language (SDDL) string.
sddlForm
The SDDL string from which to set the security descriptor.
public
void
SetSecurityDescriptorSddlForm(string sddlForm,
AccessControlSections includeSections)
Sets the specified sections of the security descriptor for this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object from the specified Security Descriptor Definition Language (SDDL) string.
sddlForm
The SDDL string from which to set the security descriptor.
includeSections
The sections (access rules, audit rules, owner, primary group) of the security descriptor to set.
protected
void
WriteLock()
Locks this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object for write access.
protected
void
WriteUnlock()
Unlocks this <see cref="T:System.Security.AccessControl.ObjectSecurity" /> object for write access.
public
bool
Equals(object obj)
Inherited from object
protected
void
Finalize()
Inherited from object
public
int
GetHashCode()
Inherited from object
protected
object
MemberwiseClone()
Inherited from object
public
string
ToString()
Inherited from object