class System.​Security.​AccessControl.​ObjectSecurity<​T>
Assembly: System.Security.AccessControl
Inheritance: object → ObjectSecurity → CommonObjectSecurity → NativeObjectSecurity → ObjectSecurity<T>
Provides the ability to control access to objects without direct manipulation of Access Control Lists (ACLs); also grants the ability to type-cast access rights.
Properties
public
Type
AccessRightType
Gets the Type of the securable object associated with this ObjectSecurity<T> object.
public
Type
AccessRuleType
Gets the Type of the object associated with the access rules of this ObjectSecurity<T> object.
public
Type
AuditRuleType
Gets the Type object associated with the audit rules of this ObjectSecurity<T> object.
protected
bool
AccessRulesModified
Gets or sets a Boolean value that specifies whether the access rules associated with this ObjectSecurity object have been modified.
public
bool
AreAccessRulesCanonical
Gets a Boolean value that specifies whether the access rules associated with this ObjectSecurity object are in canonical order.
public
bool
AreAccessRulesProtected
Gets a Boolean value that specifies whether the Discretionary Access Control List (DACL) associated with this ObjectSecurity object is protected.
public
bool
AreAuditRulesCanonical
Gets a Boolean value that specifies whether the audit rules associated with this ObjectSecurity object are in canonical order.
public
bool
AreAuditRulesProtected
Gets a Boolean value that specifies whether the System Access Control List (SACL) associated with this ObjectSecurity object is protected.
protected
bool
AuditRulesModified
Gets or sets a Boolean value that specifies whether the audit rules associated with this ObjectSecurity object have been modified.
protected
bool
GroupModified
Gets or sets a Boolean value that specifies whether the group associated with the securable object has been modified.
protected
bool
IsContainer
Gets a Boolean value that specifies whether this ObjectSecurity object is a container object.
protected
bool
IsDS
Gets a Boolean value that specifies whether this ObjectSecurity object is a directory object.
protected
bool
OwnerModified
Gets or sets a Boolean value that specifies whether the owner of the securable object has been modified.
protected
CommonSecurityDescriptor
SecurityDescriptor
Gets the security descriptor for this instance.
Methods
public
AccessRule
AccessRuleFactory​(Principal.​IdentityReference identityReference,
int accessMask,
bool isInherited,
InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags,
AccessControlType type)
Initializes a new instance of the ObjectAccessRule class that represents a new access control rule for the associated security object.
Returns Represents a new access control rule for the specified user, with the specified access rights, access control, and flags.
identityReference
Represents a user account.
accessMask
The access type.
isInherited
true if the access rule is inherited; otherwise, false.
inheritanceFlags
Specifies how to propagate access masks to child objects.
propagationFlags
Specifies how to propagate Access Control Entries (ACEs) to child objects.
type
Specifies whether access is allowed or denied.
public
void
AddAccessRule​(AccessRule<​T> rule)
Adds the specified access rule to the Discretionary Access Control List (DACL) associated with this ObjectSecurity<T> object.
rule
The rule to add.
public
void
AddAuditRule​(AuditRule<​T> rule)
Adds the specified audit rule to the System Access Control List (SACL) associated with this ObjectSecurity<T> object.
rule
The audit rule to add.
public
AuditRule
AuditRuleFactory​(Principal.​IdentityReference identityReference,
int accessMask,
bool isInherited,
InheritanceFlags inheritanceFlags,
PropagationFlags propagationFlags,
AuditFlags flags)
Initializes a new instance of the AuditRule class representing the specified audit rule for the specified user.
Returns The specified audit rule for the specified user.
identityReference
Represents a user account.
accessMask
An integer that specifies an access type.
isInherited
true if the access rule is inherited; otherwise, false.
inheritanceFlags
Specifies how to propagate access masks to child objects.
propagationFlags
Specifies how to propagate Access Control Entries (ACEs) to child objects.
flags
Describes the type of auditing to perform.
public
bool
RemoveAccessRule​(AccessRule<​T> rule)
Removes access rules that contain the same security identifier and access mask as the specified access rule from the Discretionary Access Control List (DACL) associated with this ObjectSecurity<T> object.
Returns true if the access rule was successfully removed; otherwise, false.
rule
The rule to remove.
public
void
RemoveAccessRuleAll​(AccessRule<​T> rule)
Removes all access rules that have the same security identifier as the specified access rule from the Discretionary Access Control List (DACL) associated with this ObjectSecurity<T> object.
rule
The access rule to remove.
public
void
RemoveAccessRuleSpecific​(AccessRule<​T> rule)
Removes all access rules that exactly match the specified access rule from the Discretionary Access Control List (DACL) associated with this ObjectSecurity<T> object.
rule
The access rule to remove.
public
bool
RemoveAuditRule​(AuditRule<​T> rule)
Removes audit rules that contain the same security identifier and access mask as the specified audit rule from the System Access Control List (SACL) associated with this ObjectSecurity<T> object.
Returns true if the object was removed; otherwise, false.
rule
The audit rule to remove.
public
void
RemoveAuditRuleAll​(AuditRule<​T> rule)
Removes all audit rules that have the same security identifier as the specified audit rule from the System Access Control List (SACL) associated with this ObjectSecurity<T> object.
rule
The audit rule to remove.
public
void
RemoveAuditRuleSpecific​(AuditRule<​T> rule)
Removes all audit rules that exactly match the specified audit rule from the System Access Control List (SACL) associated with this ObjectSecurity<T> object.
rule
The audit rule to remove.
public
void
ResetAccessRule​(AccessRule<​T> rule)
Removes all access rules in the Discretionary Access Control List (DACL) associated with this ObjectSecurity<T> object and then adds the specified access rule.
rule
The access rule to reset.
public
void
SetAccessRule​(AccessRule<​T> rule)
Removes all access rules that contain the same security identifier and qualifier as the specified access rule in the Discretionary Access Control List (DACL) associated with this ObjectSecurity<T> object and then adds the specified access rule.
rule
The access rule to set.
public
void
SetAuditRule​(AuditRule<​T> rule)
Removes all audit rules that contain the same security identifier and qualifier as the specified audit rule in the System Access Control List (SACL) associated with this ObjectSecurity<T> object and then adds the specified audit rule.
rule
The audit rule to set.
protected
void
Persist​(Runtime.​InteropServices.​SafeHandle handle,
AccessControlSections includeSections)
Inherited from NativeObjectSecurity
Saves the specified sections of the security descriptor associated with this NativeObjectSecurity object to permanent storage. We recommend that the values of the includeSections parameters passed to the constructor and persist methods be identical.
handle
The handle of the securable object with which this NativeObjectSecurity object is associated.
includeSections
One of the AccessControlSections enumeration values that specifies the sections of the security descriptor (access rules, audit rules, owner, primary group) of the securable object to save.
protected
void
Persist​(Runtime.​InteropServices.​SafeHandle handle,
AccessControlSections includeSections,
object exceptionContext)
Inherited from NativeObjectSecurity
Saves the specified sections of the security descriptor associated with this NativeObjectSecurity object to permanent storage. We recommend that the values of the includeSections parameters passed to the constructor and persist methods be identical.
handle
The handle of the securable object with which this NativeObjectSecurity object is associated.
includeSections
One of the AccessControlSections enumeration values that specifies the sections of the security descriptor (access rules, audit rules, owner, primary group) of the securable object to save.
exceptionContext
An object that contains contextual information about the source or destination of the exception.
protected
void
Persist​(string name,
AccessControlSections includeSections)
Inherited from NativeObjectSecurity
Saves the specified sections of the security descriptor associated with this NativeObjectSecurity object to permanent storage. We recommend that the values of the includeSections parameters passed to the constructor and persist methods be identical.
name
The name of the securable object with which this NativeObjectSecurity object is associated.
includeSections
One of the AccessControlSections enumeration values that specifies the sections of the security descriptor (access rules, audit rules, owner, primary group) of the securable object to save.
protected
void
Persist​(string name,
AccessControlSections includeSections,
object exceptionContext)
Inherited from NativeObjectSecurity
Saves the specified sections of the security descriptor associated with this NativeObjectSecurity object to permanent storage. We recommend that the values of the includeSections parameters passed to the constructor and persist methods be identical.
name
The name of the securable object with which this NativeObjectSecurity object is associated.
includeSections
One of the AccessControlSections enumeration values that specifies the sections of the security descriptor (access rules, audit rules, owner, primary group) of the securable object to save.
exceptionContext
An object that contains contextual information about the source or destination of the exception.
protected
void
AddAccessRule​(AccessRule rule)
Inherited from CommonObjectSecurity
Adds the specified access rule to the Discretionary Access Control List (DACL) associated with this CommonObjectSecurity object.
rule
The access rule to add.
protected
void
AddAuditRule​(AuditRule rule)
Inherited from CommonObjectSecurity
Adds the specified audit rule to the System Access Control List (SACL) associated with this CommonObjectSecurity object.
rule
The audit rule to add.
public
AuthorizationRuleCollection
GetAccessRules​(bool includeExplicit,
bool includeInherited,
Type targetType)
Inherited from CommonObjectSecurity
Gets a collection of the access rules associated with the specified security identifier.
Returns The collection of access rules associated with the specified SecurityIdentifier object.
includeExplicit
true to include access rules explicitly set for the object.
includeInherited
true to include inherited access rules.
targetType
Specifies whether the security identifier for which to retrieve access rules is of type SecurityIdentifier or type NTAccount. The value of this parameter must be a type that can be translated to the SecurityIdentifier type.
public
AuthorizationRuleCollection
GetAuditRules​(bool includeExplicit,
bool includeInherited,
Type targetType)
Inherited from CommonObjectSecurity
Gets a collection of the audit rules associated with the specified security identifier.
Returns The collection of audit rules associated with the specified SecurityIdentifier object.
includeExplicit
true to include audit rules explicitly set for the object.
includeInherited
true to include inherited audit rules.
targetType
The security identifier for which to retrieve audit rules. This must be an object that can be cast as a SecurityIdentifier object.
protected
bool
ModifyAccess​(AccessControlModification modification,
AccessRule rule,
Boolean& modified)
Inherited from CommonObjectSecurity
protected
bool
ModifyAudit​(AccessControlModification modification,
AuditRule rule,
Boolean& modified)
Inherited from CommonObjectSecurity
protected
bool
RemoveAccessRule​(AccessRule rule)
Inherited from CommonObjectSecurity
Removes access rules that contain the same security identifier and access mask as the specified access rule from the Discretionary Access Control List (DACL) associated with this CommonObjectSecurity object.
Returns true if the access rule was successfully removed; otherwise, false.
rule
The access rule to remove.
protected
void
RemoveAccessRuleAll​(AccessRule rule)
Inherited from CommonObjectSecurity
Removes all access rules that have the same security identifier as the specified access rule from the Discretionary Access Control List (DACL) associated with this CommonObjectSecurity object.
rule
The access rule to remove.
protected
void
RemoveAccessRuleSpecific​(AccessRule rule)
Inherited from CommonObjectSecurity
Removes all access rules that exactly match the specified access rule from the Discretionary Access Control List (DACL) associated with this CommonObjectSecurity object.
rule
The access rule to remove.
protected
bool
RemoveAuditRule​(AuditRule rule)
Inherited from CommonObjectSecurity
Removes audit rules that contain the same security identifier and access mask as the specified audit rule from the System Access Control List (SACL) associated with this CommonObjectSecurity object.
Returns true if the audit rule was successfully removed; otherwise, false.
rule
The audit rule to remove.
protected
void
RemoveAuditRuleAll​(AuditRule rule)
Inherited from CommonObjectSecurity
Removes all audit rules that have the same security identifier as the specified audit rule from the System Access Control List (SACL) associated with this CommonObjectSecurity object.
rule
The audit rule to remove.
protected
void
RemoveAuditRuleSpecific​(AuditRule rule)
Inherited from CommonObjectSecurity
Removes all audit rules that exactly match the specified audit rule from the System Access Control List (SACL) associated with this CommonObjectSecurity object.
rule
The audit rule to remove.
protected
void
ResetAccessRule​(AccessRule rule)
Inherited from CommonObjectSecurity
Removes all access rules in the Discretionary Access Control List (DACL) associated with this CommonObjectSecurity object and then adds the specified access rule.
rule
The access rule to reset.
protected
void
SetAccessRule​(AccessRule rule)
Inherited from CommonObjectSecurity
Removes all access rules that contain the same security identifier and qualifier as the specified access rule in the Discretionary Access Control List (DACL) associated with this CommonObjectSecurity object and then adds the specified access rule.
rule
The access rule to set.
protected
void
SetAuditRule​(AuditRule rule)
Inherited from CommonObjectSecurity
Removes all audit rules that contain the same security identifier and qualifier as the specified audit rule in the System Access Control List (SACL) associated with this CommonObjectSecurity object and then adds the specified audit rule.
rule
The audit rule to set.
GetGroup​(Type targetType)
Inherited from ObjectSecurity
Gets the primary group associated with the specified owner.
Returns The primary group associated with the specified owner.
targetType
The owner for which to get the primary group.
GetOwner​(Type targetType)
Inherited from ObjectSecurity
Gets the owner associated with the specified primary group.
Returns The owner associated with the specified group.
targetType
The primary group for which to get the owner.
public
byte[]
GetSecurityDescriptorBinaryForm​()
Inherited from ObjectSecurity
Returns an array of byte values that represents the security descriptor information for this ObjectSecurity object.
Returns An array of byte values that represents the security descriptor for this ObjectSecurity object. This method returns null if there is no security information in this ObjectSecurity object.
public
string
GetSecurityDescriptorSddlForm​(AccessControlSections includeSections)
Inherited from ObjectSecurity
Returns the Security Descriptor Definition Language (SDDL) representation of the specified sections of the security descriptor associated with this ObjectSecurity object.
Returns The SDDL representation of the specified sections of the security descriptor associated with this ObjectSecurity object.
includeSections
Specifies which sections (access rules, audit rules, primary group, owner) of the security descriptor to get.
public
bool
ModifyAccessRule​(AccessControlModification modification,
AccessRule rule,
Boolean& modified)
Inherited from ObjectSecurity
public
bool
ModifyAuditRule​(AccessControlModification modification,
AuditRule rule,
Boolean& modified)
Inherited from ObjectSecurity
protected
void
Persist​(bool enableOwnershipPrivilege,
string name,
AccessControlSections includeSections)
Inherited from ObjectSecurity
Saves the specified sections of the security descriptor associated with this ObjectSecurity object to permanent storage. We recommend that the values of the includeSections parameters passed to the constructor and persist methods be identical.
enableOwnershipPrivilege
true to enable the privilege that allows the caller to take ownership of the object.
name
The name used to retrieve the persisted information.
includeSections
One of the AccessControlSections enumeration values that specifies the sections of the security descriptor (access rules, audit rules, owner, primary group) of the securable object to save.
public
void
PurgeAccessRules​(Principal.​IdentityReference identity)
Inherited from ObjectSecurity
Removes all access rules associated with the specified IdentityReference.
identity
The IdentityReference for which to remove all access rules.
public
void
PurgeAuditRules​(Principal.​IdentityReference identity)
Inherited from ObjectSecurity
Removes all audit rules associated with the specified IdentityReference.
identity
The IdentityReference for which to remove all audit rules.
protected
void
ReadLock​()
Inherited from ObjectSecurity
Locks this ObjectSecurity object for read access.
protected
void
ReadUnlock​()
Inherited from ObjectSecurity
Unlocks this ObjectSecurity object for read access.
public
void
SetAccessRuleProtection​(bool isProtected,
bool preserveInheritance)
Inherited from ObjectSecurity
Sets or removes protection of the access rules associated with this ObjectSecurity object. Protected access rules cannot be modified by parent objects through inheritance.
isProtected
true to protect the access rules associated with this ObjectSecurity object from inheritance; false to allow inheritance.
preserveInheritance
true to preserve inherited access rules; false to remove inherited access rules. This parameter is ignored if isProtected is false.
public
void
SetAuditRuleProtection​(bool isProtected,
bool preserveInheritance)
Inherited from ObjectSecurity
Sets or removes protection of the audit rules associated with this ObjectSecurity object. Protected audit rules cannot be modified by parent objects through inheritance.
isProtected
true to protect the audit rules associated with this ObjectSecurity object from inheritance; false to allow inheritance.
preserveInheritance
true to preserve inherited audit rules; false to remove inherited audit rules. This parameter is ignored if isProtected is false.
public
void
SetGroup​(Principal.​IdentityReference identity)
Inherited from ObjectSecurity
Sets the primary group for the security descriptor associated with this ObjectSecurity object.
identity
The primary group to set.
public
void
SetOwner​(Principal.​IdentityReference identity)
Inherited from ObjectSecurity
Sets the owner for the security descriptor associated with this ObjectSecurity object.
identity
The owner to set.
public
void
SetSecurityDescriptorBinaryForm​(byte[] binaryForm)
Inherited from ObjectSecurity
Sets the security descriptor for this ObjectSecurity object from the specified array of byte values.
binaryForm
The array of bytes from which to set the security descriptor.
public
void
SetSecurityDescriptorBinaryForm​(byte[] binaryForm,
AccessControlSections includeSections)
Inherited from ObjectSecurity
Sets the specified sections of the security descriptor for this ObjectSecurity object from the specified array of byte values.
binaryForm
The array of bytes from which to set the security descriptor.
includeSections
The sections (access rules, audit rules, owner, primary group) of the security descriptor to set.
public
void
SetSecurityDescriptorSddlForm​(string sddlForm)
Inherited from ObjectSecurity
Sets the security descriptor for this ObjectSecurity object from the specified Security Descriptor Definition Language (SDDL) string.
sddlForm
The SDDL string from which to set the security descriptor.
public
void
SetSecurityDescriptorSddlForm​(string sddlForm,
AccessControlSections includeSections)
Inherited from ObjectSecurity
Sets the specified sections of the security descriptor for this ObjectSecurity object from the specified Security Descriptor Definition Language (SDDL) string.
sddlForm
The SDDL string from which to set the security descriptor.
includeSections
The sections (access rules, audit rules, owner, primary group) of the security descriptor to set.
protected
void
WriteLock​()
Inherited from ObjectSecurity
Locks this ObjectSecurity object for write access.
protected
void
WriteUnlock​()
Inherited from ObjectSecurity
Unlocks this ObjectSecurity object for write access.
public
bool
Equals​(object obj)
Inherited from object
protected
void
Finalize​()
Inherited from object
public
int
GetHashCode​()
Inherited from object
protected
object
MemberwiseClone​()
Inherited from object
public
string
ToString​()
Inherited from object