RegistrySecurity.SetAccessRule(RegistryAccessRule) Yöntem
Tanım
Önemli
Bazı bilgiler ürünün ön sürümüyle ilgilidir ve sürüm öncesinde önemli değişiklikler yapılmış olabilir. Burada verilen bilgilerle ilgili olarak Microsoft açık veya zımni hiçbir garanti vermez.
Belirtilen kuralla aynı kullanıcı ve AccessControlType (izin ver veya reddet) ile tüm erişim denetimi kurallarını kaldırır ve ardından belirtilen kuralı ekler.
public:
void SetAccessRule(System::Security::AccessControl::RegistryAccessRule ^ rule);public void SetAccessRule (System.Security.AccessControl.RegistryAccessRule rule);override this.SetAccessRule : System.Security.AccessControl.RegistryAccessRule -> unitPublic Sub SetAccessRule (rule As RegistryAccessRule)Parametreler
- rule
- RegistryAccessRule
RegistryAccessRule Eklenecek. Bu kural eklenmeden önce kaldırılacak kuralları kullanıcı ve AccessControlType bu kuralın kullanıcısı belirler.
Özel durumlar
rule, null değeridir.
Örnekler
Aşağıdaki kod örneği, yönteminin SetAccessRule hem kullanıcıyla hem de ile eşleşen tüm kuralları kaldırarak hakları ve AccessControlTyperulebayrakları yok saydığını ve bunları ile ruledeğiştirdiğini gösterir.
Örnek bir RegistrySecurity nesnesi oluşturur ve geçerli kullanıcı için farklı devralma ve yayma bayraklarıyla çeşitli haklara izin veren ve reddeden kurallar ekler. Örnek daha sonra geçerli kullanıcının yalnızca anahtarı okumasına izin veren yeni bir kural oluşturur ve erişime izin veren iki kuralı kaldırmak ve bunları yeni kuralla değiştirmek için yöntemini kullanır SetAccessRule . Erişimi reddeden kural etkilenmez.
Not
Bu örnek, güvenlik nesnesini bir RegistryKey nesneye eklemez. yöntemine RegistryKey.GetAccessControl ve yöntemine RegistryKey.SetAccessControl bakın.
using System;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Security;
using Microsoft.Win32;
public class Example
{
public static void Main()
{
string user = Environment.UserDomainName + "\\"
+ Environment.UserName;
// Create a security object that grants no access.
RegistrySecurity mSec = new RegistrySecurity();
// Add a rule that grants the current user the right
// to read and enumerate the name/value pairs in a key,
// to read its access and audit rules, to enumerate
// its subkeys, to create subkeys, and to delete the key.
// The rule is inherited by all contained subkeys.
//
RegistryAccessRule rule = new RegistryAccessRule(user,
RegistryRights.ReadKey | RegistryRights.WriteKey
| RegistryRights.Delete,
InheritanceFlags.ContainerInherit,
PropagationFlags.None,
AccessControlType.Allow);
mSec.AddAccessRule(rule);
// Add a rule that allows the current user the right
// right to set the name/value pairs in a key.
// This rule is inherited by contained subkeys, but
// propagation flags limit it to immediate child
// subkeys.
rule = new RegistryAccessRule(user,
RegistryRights.ChangePermissions,
InheritanceFlags.ContainerInherit,
PropagationFlags.InheritOnly | PropagationFlags.NoPropagateInherit,
AccessControlType.Allow);
mSec.AddAccessRule(rule);
// Add a rule that denies the current user the right
// to set the name/value pairs in a key. This rule
// has no inheritance or propagation flags, so it
// affects only the key itself.
rule = new RegistryAccessRule(user,
RegistryRights.SetValue,
AccessControlType.Deny);
mSec.AddAccessRule(rule);
// Display the rules in the security object.
ShowSecurity(mSec);
// Create a rule that allows the current user
// only read access to a key, with no inheritance
// or propagation flags. SetAccessRule removes
// all the existing rules that allow access for
// the current user, replacing them with this
// rule. Rules that deny access do not match,
// and so are not affected.
rule = new RegistryAccessRule(user,
RegistryRights.ReadKey,
AccessControlType.Allow);
mSec.SetAccessRule(rule);
// Display the rules in the security object.
// removed.
ShowSecurity(mSec);
}
private static void ShowSecurity(RegistrySecurity security)
{
Console.WriteLine("\r\nCurrent access rules:\r\n");
foreach( RegistryAccessRule ar in
security.GetAccessRules(true, true, typeof(NTAccount)) )
{
Console.WriteLine(" User: {0}", ar.IdentityReference);
Console.WriteLine(" Type: {0}", ar.AccessControlType);
Console.WriteLine(" Rights: {0}", ar.RegistryRights);
Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags);
Console.WriteLine(" Propagation: {0}", ar.PropagationFlags);
Console.WriteLine(" Inherited? {0}", ar.IsInherited);
Console.WriteLine();
}
}
}
/* This code example produces output similar to following:
Current access rules:
User: TestDomain\TestUser
Type: Deny
Rights: SetValue
Inheritance: None
Propagation: None
Inherited? False
User: TestDomain\TestUser
Type: Allow
Rights: SetValue, CreateSubKey, Delete, ReadKey
Inheritance: ContainerInherit
Propagation: None
Inherited? False
User: TestDomain\TestUser
Type: Allow
Rights: ChangePermissions
Inheritance: ContainerInherit
Propagation: NoPropagateInherit, InheritOnly
Inherited? False
Current access rules:
User: TestDomain\TestUser
Type: Deny
Rights: SetValue
Inheritance: None
Propagation: None
Inherited? False
User: TestDomain\TestUser
Type: Allow
Rights: ReadKey
Inheritance: None
Propagation: None
Inherited? False
*/
Option Explicit
Imports System.Security.AccessControl
Imports System.Security.Principal
Imports System.Security
Imports Microsoft.Win32
Public Class Example
Public Shared Sub Main()
Dim user As String = Environment.UserDomainName _
& "\" & Environment.UserName
' Create a security object that grants no access.
Dim mSec As New RegistrySecurity()
' Add a rule that grants the current user the right
' to read and enumerate the name/value pairs in a key,
' to read its access and audit rules, to enumerate
' its subkeys, to create subkeys, and to delete the key.
' The rule is inherited by all contained subkeys.
'
Dim rule As New RegistryAccessRule(user, _
RegistryRights.ReadKey Or RegistryRights.WriteKey _
Or RegistryRights.Delete, _
InheritanceFlags.ContainerInherit, _
PropagationFlags.None, _
AccessControlType.Allow)
mSec.AddAccessRule(rule)
' Add a rule that allows the current user the right
' right to set the name/value pairs in a key.
' This rule is inherited by contained subkeys, but
' propagation flags limit it to immediate child
' subkeys.
rule = New RegistryAccessRule(user, _
RegistryRights.ChangePermissions, _
InheritanceFlags.ContainerInherit, _
PropagationFlags.InheritOnly Or PropagationFlags.NoPropagateInherit, _
AccessControlType.Allow)
mSec.AddAccessRule(rule)
' Add a rule that denies the current user the right
' to set the name/value pairs in a key. This rule
' has no inheritance or propagation flags, so it
' affects only the key itself.
rule = New RegistryAccessRule(user, _
RegistryRights.SetValue, _
AccessControlType.Deny)
mSec.AddAccessRule(rule)
' Display the rules in the security object.
ShowSecurity(mSec)
' Create a rule that allows the current user
' only read access to a key, with no inheritance
' or propagation flags. SetAccessRule removes
' all the existing rules that allow access for
' the current user, replacing them with this
' rule. Rules that deny access do not match,
' and so are not affected.
rule = New RegistryAccessRule(user, _
RegistryRights.ReadKey, _
AccessControlType.Allow)
mSec.SetAccessRule(rule)
' Display the rules in the security object.
ShowSecurity(mSec)
End Sub
Private Shared Sub ShowSecurity(ByVal security As RegistrySecurity)
Console.WriteLine(vbCrLf & "Current access rules:" & vbCrLf)
For Each ar As RegistryAccessRule In _
security.GetAccessRules(True, True, GetType(NTAccount))
Console.WriteLine(" User: {0}", ar.IdentityReference)
Console.WriteLine(" Type: {0}", ar.AccessControlType)
Console.WriteLine(" Rights: {0}", ar.RegistryRights)
Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags)
Console.WriteLine(" Propagation: {0}", ar.PropagationFlags)
Console.WriteLine(" Inherited? {0}", ar.IsInherited)
Console.WriteLine()
Next
End Sub
End Class
'This code example produces output similar to following:
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Deny
' Rights: SetValue
' Inheritance: None
' Propagation: None
' Inherited? False
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: SetValue, CreateSubKey, Delete, ReadKey
' Inheritance: ContainerInherit
' Propagation: None
' Inherited? False
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: ChangePermissions
' Inheritance: ContainerInherit
' Propagation: NoPropagateInherit, InheritOnly
' Inherited? False
'
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Deny
' Rights: SetValue
' Inheritance: None
' Propagation: None
' Inherited? False
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: ReadKey
' Inheritance: None
' Propagation: None
' Inherited? False
Açıklamalar
Belirtilen kurala sahipse Allow, bu yöntemin etkisi, belirtilen kullanıcı için tüm Allow kuralları kaldırmak ve bunları belirtilen kuralla değiştirmektir. Belirtilen kuralda varsa Deny, belirtilen kullanıcının tüm Deny kuralları belirtilen kuralla değiştirilir.
Kullanıcısı ve AccessControlType belirtilen kuralla eşleşen kural yoksa eklenir rule .
Şunlara uygulanır
GitHub'da bizimle işbirliği yapın
Bu içeriğin kaynağı GitHub'da bulunabilir; burada ayrıca sorunları ve çekme isteklerini oluşturup gözden geçirebilirsiniz. Daha fazla bilgi için katkıda bulunan kılavuzumuzu inceleyin.
