RegistrySecurity.RemoveAccessRuleSpecific(RegistryAccessRule) Método
Definición
Importante
Parte de la información hace referencia a la versión preliminar del producto, que puede haberse modificado sustancialmente antes de lanzar la versión definitiva. Microsoft no otorga ninguna garantía, explícita o implícita, con respecto a la información proporcionada aquí.
Busca una regla de control de acceso que coincida exactamente con la regla especificada y, si la encuentra, la quita.
public:
void RemoveAccessRuleSpecific(System::Security::AccessControl::RegistryAccessRule ^ rule);public void RemoveAccessRuleSpecific (System.Security.AccessControl.RegistryAccessRule rule);override this.RemoveAccessRuleSpecific : System.Security.AccessControl.RegistryAccessRule -> unitPublic Sub RemoveAccessRuleSpecific (rule As RegistryAccessRule)Parámetros
- rule
- RegistryAccessRule
RegistryAccessRule que se va a quitar.
Excepciones
rule es null.
Ejemplos
En el ejemplo de código siguiente se muestra que el RemoveAccessRuleSpecific método quita una regla solo si coincide exactamente.
En el ejemplo se crean dos reglas que permiten derechos diferentes. Las reglas tienen marcas de herencia y propagación compatibles, por lo que cuando se agrega la segunda regla, se combina con la primera. En el ejemplo se llama al RemoveAccessRuleSpecific método , especificando la primera regla, pero porque las reglas se combinan no hay ninguna regla que coincida. A continuación, el ejemplo llama al RemoveAccessRule método para quitar la segunda regla de la regla combinada y, por último, llama al RemoveAccessRuleSpecific método para quitar la primera regla.
Nota
En este ejemplo no se adjunta el objeto de seguridad a un RegistryKey objeto . Vea el RegistryKey.GetAccessControl método y el RegistryKey.SetAccessControl método .
using System;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Security;
using Microsoft.Win32;
public class Example
{
public static void Main()
{
string user = Environment.UserDomainName + "\\"
+ Environment.UserName;
// Create a security object that grants no access.
RegistrySecurity mSec = new RegistrySecurity();
// Add a rule that grants the current user the right
// to read and enumerate the name/value pairs in a key,
// to read its access and audit rules, to enumerate
// its subkeys, to create subkeys, and to delete the key.
// The rule is inherited by all contained subkeys.
//
RegistryAccessRule rule1 = new RegistryAccessRule(user,
RegistryRights.ReadKey | RegistryRights.WriteKey
| RegistryRights.Delete,
InheritanceFlags.ContainerInherit,
PropagationFlags.None,
AccessControlType.Allow);
mSec.AddAccessRule(rule1);
// Add a rule that allows the current user the right
// right to take ownership of a key, using the same
// inheritance and propagation flags. This rule
// merges with the first rule.
RegistryAccessRule rule2 = new RegistryAccessRule(user,
RegistryRights.ChangePermissions,
InheritanceFlags.ContainerInherit,
PropagationFlags.None,
AccessControlType.Allow);
mSec.AddAccessRule(rule2);
// Display the rules in the security object.
ShowSecurity(mSec);
// Attempt to use RemoveRuleSpecific to remove the
// first rule. The removal fails, because the rule
// in the RegistrySecurity object has been altered.
mSec.RemoveAccessRuleSpecific(rule1);
// Show that the rule was not removed.
ShowSecurity(mSec);
// Use the RemoveAccessRule method to remove rule2,
// and then use RemoveAccessRuleSpecific to remove
// rule1.
mSec.RemoveAccessRule(rule2);
mSec.RemoveAccessRuleSpecific(rule1);
// Show that the rules have been removed.
ShowSecurity(mSec);
}
private static void ShowSecurity(RegistrySecurity security)
{
Console.WriteLine("\r\nCurrent access rules:\r\n");
foreach( RegistryAccessRule ar in
security.GetAccessRules(true, true, typeof(NTAccount)) )
{
Console.WriteLine(" User: {0}", ar.IdentityReference);
Console.WriteLine(" Type: {0}", ar.AccessControlType);
Console.WriteLine(" Rights: {0}", ar.RegistryRights);
Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags);
Console.WriteLine(" Propagation: {0}", ar.PropagationFlags);
Console.WriteLine(" Inherited? {0}", ar.IsInherited);
Console.WriteLine();
}
}
}
/* This code example produces output similar to following:
Current access rules:
User: TestDomain\TestUser
Type: Allow
Rights: SetValue, CreateSubKey, Delete, ReadKey, ChangePermissions
Inheritance: ContainerInherit
Propagation: None
Inherited? False
Current access rules:
User: TestDomain\TestUser
Type: Allow
Rights: SetValue, CreateSubKey, Delete, ReadKey, ChangePermissions
Inheritance: ContainerInherit
Propagation: None
Inherited? False
Current access rules:
*/
Option Explicit
Imports System.Security.AccessControl
Imports System.Security.Principal
Imports System.Security
Imports Microsoft.Win32
Public Class Example
Public Shared Sub Main()
Dim user As String = Environment.UserDomainName _
& "\" & Environment.UserName
' Create a security object that grants no access.
Dim mSec As New RegistrySecurity()
' Add a rule that grants the current user the right
' to read and enumerate the name/value pairs in a key,
' to read its access and audit rules, to enumerate
' its subkeys, to create subkeys, and to delete the key.
' The rule is inherited by all contained subkeys.
'
Dim rule1 As New RegistryAccessRule(user, _
RegistryRights.ReadKey Or RegistryRights.WriteKey _
Or RegistryRights.Delete, _
InheritanceFlags.ContainerInherit, _
PropagationFlags.None, _
AccessControlType.Allow)
mSec.AddAccessRule(rule1)
' Add a rule that allows the current user the right
' right to take ownership of a key, using the same
' inheritance and propagation flags. This rule
' merges with the first rule.
Dim rule2 As New RegistryAccessRule(user, _
RegistryRights.ChangePermissions, _
InheritanceFlags.ContainerInherit, _
PropagationFlags.None, _
AccessControlType.Allow)
mSec.AddAccessRule(rule2)
' Display the rules in the security object.
ShowSecurity(mSec)
' Attempt to use RemoveRuleSpecific to remove the
' first rule. The removal fails, because the rule
' in the RegistrySecurity object has been altered.
mSec.RemoveAccessRuleSpecific(rule1)
' Show that the rule was not removed.
ShowSecurity(mSec)
' Use the RemoveAccessRule method to remove rule2,
' and then use RemoveAccessRuleSpecific to remove
' rule1.
mSec.RemoveAccessRule(rule2)
mSec.RemoveAccessRuleSpecific(rule1)
' Show that the rules have been removed.
ShowSecurity(mSec)
End Sub
Private Shared Sub ShowSecurity(ByVal security As RegistrySecurity)
Console.WriteLine(vbCrLf & "Current access rules:" & vbCrLf)
For Each ar As RegistryAccessRule In _
security.GetAccessRules(True, True, GetType(NTAccount))
Console.WriteLine(" User: {0}", ar.IdentityReference)
Console.WriteLine(" Type: {0}", ar.AccessControlType)
Console.WriteLine(" Rights: {0}", ar.RegistryRights)
Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags)
Console.WriteLine(" Propagation: {0}", ar.PropagationFlags)
Console.WriteLine(" Inherited? {0}", ar.IsInherited)
Console.WriteLine()
Next
End Sub
End Class
'This code example produces output similar to following:
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: SetValue, CreateSubKey, Delete, ReadKey, ChangePermissions
' Inheritance: ContainerInherit
' Propagation: None
' Inherited? False
'
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: SetValue, CreateSubKey, Delete, ReadKey, ChangePermissions
' Inheritance: ContainerInherit
' Propagation: None
' Inherited? False
'
'
'Current access rules:
'
Comentarios
La regla solo se quita si coincide rule exactamente con todos los detalles, incluidas las marcas. Otras reglas con el mismo usuario y AccessControlType no se ven afectadas.
Importante
Una regla representa una o varias entradas de control de acceso subyacentes (ACE), y estas entradas se dividen o combinan según sea necesario cuando se modifican las reglas de seguridad de acceso para un usuario. Por lo tanto, es posible que una regla ya no exista en la forma específica que tenía cuando se agregó y, en ese caso, el RemoveAccessRuleSpecific método no puede quitarla.
