ObjectSecurity.SetSecurityDescriptorSddlForm Method

Definition

Sets the security descriptor for this ObjectSecurity object from the specified Security Descriptor Definition Language (SDDL) string.

Overloads

SetSecurityDescriptorSddlForm(String)

Sets the security descriptor for this ObjectSecurity object from the specified Security Descriptor Definition Language (SDDL) string.

SetSecurityDescriptorSddlForm(String, AccessControlSections)

Sets the specified sections of the security descriptor for this ObjectSecurity object from the specified Security Descriptor Definition Language (SDDL) string.

Remarks

If the security descriptor represented by the SDDL string contains null for its discretionary access control list (DACL), a single access control entry (ACE) that allows everyone full access (AEFA) is added to the DACL. If an application modifies the DACL of a security descriptor to which an AEFA ACE has been added, the AEFA ACE is persisted with the DACL when that DACL is persisted.

This can result in an application unintentionally allowing access to principals. Because of this, an application should check for the existence of an AEFA ACE and remove it before modifying any security descriptor.

SetSecurityDescriptorSddlForm(String)

Sets the security descriptor for this ObjectSecurity object from the specified Security Descriptor Definition Language (SDDL) string.

public void SetSecurityDescriptorSddlForm (string sddlForm);
Parameters
sddlForm
String

The SDDL string from which to set the security descriptor.

Remarks

If the security descriptor represented by the SDDL string contains null for its discretionary access control list (DACL), a single access control entry (ACE) that allows everyone full access (AEFA) is added to the DACL. If an application modifies the DACL of a security descriptor to which an AEFA ACE has been added, the AEFA ACE is persisted with the DACL when that DACL is persisted.

This can result in an application unintentionally allowing access to principals. Because of this, an application should check for the existence of an AEFA ACE and remove it before modifying any security descriptor.

SetSecurityDescriptorSddlForm(String, AccessControlSections)

Sets the specified sections of the security descriptor for this ObjectSecurity object from the specified Security Descriptor Definition Language (SDDL) string.

public void SetSecurityDescriptorSddlForm (string sddlForm, System.Security.AccessControl.AccessControlSections includeSections);
Parameters
sddlForm
String

The SDDL string from which to set the security descriptor.

includeSections
AccessControlSections

The sections (access rules, audit rules, owner, primary group) of the security descriptor to set.

Remarks

If the security descriptor represented by the SDDL string contains null for its discretionary access control list (DACL), a single access control entry (ACE) that allows everyone full access (AEFA) is added to the DACL. If an application modifies the DACL of a security descriptor to which an AEFA ACE has been added, the AEFA ACE is persisted with the DACL when that DACL is persisted.

This can result in an application unintentionally allowing access to principals. Because of this, an application should check for the existence of an AEFA ACE and remove it before modifying any security descriptor.

Applies to