MutexSecurity.RemoveAccessRuleSpecific(MutexAccessRule) Metod
Definition
Viktigt
En del information gäller för förhandsversionen av en produkt och kan komma att ändras avsevärt innan produkten blir allmänt tillgänglig. Microsoft lämnar inga garantier, uttryckliga eller underförstådda, avseende informationen som visas här.
Söker efter en regel för åtkomstkontroll som exakt matchar den angivna regeln och tar bort den om den hittas.
public:
void RemoveAccessRuleSpecific(System::Security::AccessControl::MutexAccessRule ^ rule);public void RemoveAccessRuleSpecific(System.Security.AccessControl.MutexAccessRule rule);override this.RemoveAccessRuleSpecific : System.Security.AccessControl.MutexAccessRule -> unitPublic Sub RemoveAccessRuleSpecific (rule As MutexAccessRule)Parametrar
- rule
- MutexAccessRule
Att MutexAccessRule ta bort.
Undantag
rule är null.
Exempel
Följande kodexempel visar att RemoveAccessRuleSpecific metoden kräver en exakt matchning för att ta bort en regel och att regler för att tillåta och neka rättigheter är oberoende av varandra.
Exemplet skapar ett MutexSecurity objekt, lägger till regler som tillåter och nekar olika rättigheter för den aktuella användaren och sammanfogar sedan ytterligare rättigheter till åtkomstregeln Allow . Exemplet skickar sedan den ursprungliga Allow regeln till RemoveAccessRuleSpecific metoden och visar resultatet, som visar att ingenting tas bort. Exemplet konstruerar sedan en regel som matchar Allow regeln i MutexSecurity objektet och använder RemoveAccessRuleSpecific metoden för att ta bort regeln.
Note
Det här exemplet bifogar inte säkerhetsobjektet till ett Mutex objekt. Exempel som bifogar säkerhetsobjekt finns i Mutex.GetAccessControl och Mutex.SetAccessControl.
using System;
using System.Threading;
using System.Security.AccessControl;
using System.Security.Principal;
public class Example
{
public static void Main()
{
// Create a string representing the current user.
string user = Environment.UserDomainName + "\\" +
Environment.UserName;
// Create a security object that grants no access.
MutexSecurity mSec = new MutexSecurity();
// Add a rule that grants the current user the
// right to enter or release the mutex.
MutexAccessRule ruleA = new MutexAccessRule(user,
MutexRights.Synchronize | MutexRights.Modify,
AccessControlType.Allow);
mSec.AddAccessRule(ruleA);
// Add a rule that denies the current user the
// right to change permissions on the mutex.
MutexAccessRule rule = new MutexAccessRule(user,
MutexRights.ChangePermissions,
AccessControlType.Deny);
mSec.AddAccessRule(rule);
// Display the rules in the security object.
ShowSecurity(mSec);
// Add a rule that allows the current user the
// right to read permissions on the mutex. This rule
// is merged with the existing Allow rule.
rule = new MutexAccessRule(user,
MutexRights.ReadPermissions,
AccessControlType.Allow);
mSec.AddAccessRule(rule);
ShowSecurity(mSec);
// Attempt to remove the original rule (granting
// the right to enter or release the mutex) with
// RemoveAccessRuleSpecific. The removal fails,
// because the right to read the permissions on the
// mutex has been added to the rule, so that it no
// longer matches the original rule.
Console.WriteLine("Attempt to use RemoveAccessRuleSpecific on the original rule.");
mSec.RemoveAccessRuleSpecific(ruleA);
ShowSecurity(mSec);
// Create a rule that grants the current user
// the right to enter or release the mutex, and
// to read permissions. Use this rule to remove
// the Allow rule for the current user.
Console.WriteLine("Use RemoveAccessRuleSpecific with the correct rights.");
rule = new MutexAccessRule(user,
MutexRights.Synchronize | MutexRights.Modify |
MutexRights.ReadPermissions,
AccessControlType.Allow);
mSec.RemoveAccessRuleSpecific(rule);
ShowSecurity(mSec);
}
private static void ShowSecurity(MutexSecurity security)
{
Console.WriteLine("\r\nCurrent access rules:\r\n");
foreach(MutexAccessRule ar in
security.GetAccessRules(true, true, typeof(NTAccount)))
{
Console.WriteLine(" User: {0}", ar.IdentityReference);
Console.WriteLine(" Type: {0}", ar.AccessControlType);
Console.WriteLine(" Rights: {0}", ar.MutexRights);
Console.WriteLine();
}
}
}
/*This code example produces output similar to following:
Current access rules:
User: TestDomain\TestUser
Type: Deny
Rights: ChangePermissions
User: TestDomain\TestUser
Type: Allow
Rights: Modify, Synchronize
Current access rules:
User: TestDomain\TestUser
Type: Deny
Rights: ChangePermissions
User: TestDomain\TestUser
Type: Allow
Rights: Modify, ReadPermissions, Synchronize
Attempt to use RemoveAccessRuleSpecific on the original rule.
Current access rules:
User: TestDomain\TestUser
Type: Deny
Rights: ChangePermissions
User: TestDomain\TestUser
Type: Allow
Rights: Modify, ReadPermissions, Synchronize
Use RemoveAccessRuleSpecific with the correct rights.
Current access rules:
User: TestDomain\TestUser
Type: Deny
Rights: ChangePermissions
*/
Imports System.Threading
Imports System.Security.AccessControl
Imports System.Security.Principal
Public Class Example
Public Shared Sub Main()
' Create a string representing the current user.
Dim user As String = Environment.UserDomainName _
& "\" & Environment.UserName
' Create a security object that grants no access.
Dim mSec As New MutexSecurity()
' Add a rule that grants the current user the
' right to enter or release the mutex.
Dim ruleA As New MutexAccessRule(user, _
MutexRights.Synchronize _
Or MutexRights.Modify, _
AccessControlType.Allow)
mSec.AddAccessRule(ruleA)
' Add a rule that denies the current user the
' right to change permissions on the mutex.
Dim rule As New MutexAccessRule(user, _
MutexRights.ChangePermissions, _
AccessControlType.Deny)
mSec.AddAccessRule(rule)
' Display the rules in the security object.
ShowSecurity(mSec)
' Add a rule that allows the current user the
' right to read permissions on the mutex. This rule
' is merged with the existing Allow rule.
rule = New MutexAccessRule(user, _
MutexRights.ReadPermissions, _
AccessControlType.Allow)
mSec.AddAccessRule(rule)
ShowSecurity(mSec)
' Attempt to remove the original rule (granting
' the right to enter or release the mutex) with
' RemoveAccessRuleSpecific. The removal fails,
' because the right to read the permissions on the
' mutex has been added to the rule, so that it no
' longer matches the original rule.
Console.WriteLine("Attempt to use RemoveAccessRuleSpecific on the original rule.")
mSec.RemoveAccessRuleSpecific(ruleA)
ShowSecurity(mSec)
' Create a rule that grants the current user
' the right to enter or release the mutex, and
' to read permissions. Use this rule to remove
' the Allow rule for the current user.
Console.WriteLine("Use RemoveAccessRuleSpecific with the correct rights.")
rule = New MutexAccessRule(user, _
MutexRights.Synchronize _
Or MutexRights.Modify _
Or MutexRights.ReadPermissions, _
AccessControlType.Allow)
mSec.RemoveAccessRuleSpecific(rule)
ShowSecurity(mSec)
End Sub
Private Shared Sub ShowSecurity(ByVal security As MutexSecurity)
Console.WriteLine(vbCrLf & "Current access rules:" & vbCrLf)
For Each ar As MutexAccessRule In _
security.GetAccessRules(True, True, GetType(NTAccount))
Console.WriteLine(" User: {0}", ar.IdentityReference)
Console.WriteLine(" Type: {0}", ar.AccessControlType)
Console.WriteLine(" Rights: {0}", ar.MutexRights)
Console.WriteLine()
Next
End Sub
End Class
'This code example produces output similar to following:
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Deny
' Rights: ChangePermissions
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: Modify, Synchronize
'
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Deny
' Rights: ChangePermissions
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: Modify, ReadPermissions, Synchronize
'
'Attempt to use RemoveAccessRuleSpecific on the original rule.
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Deny
' Rights: ChangePermissions
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: Modify, ReadPermissions, Synchronize
'
'Use RemoveAccessRuleSpecific with the correct rights.
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Deny
' Rights: ChangePermissions
Kommentarer
Regeln tas bara bort om den exakt matchar rule i all information, inklusive flaggor. Andra regler med samma användare och AccessControlType påverkas inte.
Important
En regel representerar en eller flera underliggande åtkomstkontrollposter (ACE) och dessa poster delas upp eller kombineras efter behov när du ändrar åtkomstsäkerhetsreglerna för en användare. Det innebär att en regel kanske inte längre finns i den specifika form den hade när den lades till, och i så fall kan metoden inte ta bort den RemoveAccessRuleSpecific .
