Edit

Share via


CommonSecurityDescriptor Constructors

Definition

Initializes a new instance of the CommonSecurityDescriptor class.

Overloads

CommonSecurityDescriptor(Boolean, Boolean, RawSecurityDescriptor)

Initializes a new instance of the CommonSecurityDescriptor class from the specified RawSecurityDescriptor object.

CommonSecurityDescriptor(Boolean, Boolean, String)

Initializes a new instance of the CommonSecurityDescriptor class from the specified Security Descriptor Definition Language (SDDL) string.

CommonSecurityDescriptor(Boolean, Boolean, Byte[], Int32)

Initializes a new instance of the CommonSecurityDescriptor class from the specified array of byte values.

CommonSecurityDescriptor(Boolean, Boolean, ControlFlags, SecurityIdentifier, SecurityIdentifier, SystemAcl, DiscretionaryAcl)

Initializes a new instance of the CommonSecurityDescriptor class from the specified information.

CommonSecurityDescriptor(Boolean, Boolean, RawSecurityDescriptor)

Initializes a new instance of the CommonSecurityDescriptor class from the specified RawSecurityDescriptor object.

public:
 CommonSecurityDescriptor(bool isContainer, bool isDS, System::Security::AccessControl::RawSecurityDescriptor ^ rawSecurityDescriptor);
public CommonSecurityDescriptor (bool isContainer, bool isDS, System.Security.AccessControl.RawSecurityDescriptor rawSecurityDescriptor);
new System.Security.AccessControl.CommonSecurityDescriptor : bool * bool * System.Security.AccessControl.RawSecurityDescriptor -> System.Security.AccessControl.CommonSecurityDescriptor
Public Sub New (isContainer As Boolean, isDS As Boolean, rawSecurityDescriptor As RawSecurityDescriptor)

Parameters

isContainer
Boolean

true if the new security descriptor is associated with a container object.

isDS
Boolean

true if the new security descriptor is associated with a directory object.

rawSecurityDescriptor
RawSecurityDescriptor

The RawSecurityDescriptor object from which to create the new CommonSecurityDescriptor object.

Remarks

If the underlying security descriptor from which the new RawSecurityDescriptor object is created contains null for its discretionary access control list (DACL), a single access control entry (ACE) that allows everyone full access (AEFA) is added to the DACL. If an application modifies the DACL of a security descriptor to which an AEFA ACE has been added, the AEFA ACE is persisted with the DACL when that DACL is persisted.

This can result in an application unintentionally allowing access to principals. Because of this, an application should check for the existence of an AEFA ACE and remove it before modifying any security descriptor.

Applies to

CommonSecurityDescriptor(Boolean, Boolean, String)

Initializes a new instance of the CommonSecurityDescriptor class from the specified Security Descriptor Definition Language (SDDL) string.

public:
 CommonSecurityDescriptor(bool isContainer, bool isDS, System::String ^ sddlForm);
public CommonSecurityDescriptor (bool isContainer, bool isDS, string sddlForm);
new System.Security.AccessControl.CommonSecurityDescriptor : bool * bool * string -> System.Security.AccessControl.CommonSecurityDescriptor
Public Sub New (isContainer As Boolean, isDS As Boolean, sddlForm As String)

Parameters

isContainer
Boolean

true if the new security descriptor is associated with a container object.

isDS
Boolean

true if the new security descriptor is associated with a directory object.

sddlForm
String

The SDDL string from which to create the new CommonSecurityDescriptor object.

Remarks

If the underlying security descriptor from which the new RawSecurityDescriptor object is created contains null for its discretionary access control list (DACL), a single access control entry (ACE) that allows everyone full access (AEFA) is added to the DACL. If an application modifies the DACL of a security descriptor to which an AEFA ACE has been added, the AEFA ACE is persisted with the DACL when that DACL is persisted.

This can result in an application unintentionally allowing access to principals. Because of this, an application should check for the existence of an AEFA ACE and remove it before modifying any security descriptor.

Applies to

CommonSecurityDescriptor(Boolean, Boolean, Byte[], Int32)

Initializes a new instance of the CommonSecurityDescriptor class from the specified array of byte values.

public:
 CommonSecurityDescriptor(bool isContainer, bool isDS, cli::array <System::Byte> ^ binaryForm, int offset);
public CommonSecurityDescriptor (bool isContainer, bool isDS, byte[] binaryForm, int offset);
new System.Security.AccessControl.CommonSecurityDescriptor : bool * bool * byte[] * int -> System.Security.AccessControl.CommonSecurityDescriptor
Public Sub New (isContainer As Boolean, isDS As Boolean, binaryForm As Byte(), offset As Integer)

Parameters

isContainer
Boolean

true if the new security descriptor is associated with a container object.

isDS
Boolean

true if the new security descriptor is associated with a directory object.

binaryForm
Byte[]

The array of byte values from which to create the new CommonSecurityDescriptor object.

offset
Int32

The offset in the binaryForm array at which to begin copying.

Remarks

If the underlying security descriptor from which the new RawSecurityDescriptor object is created contains null for its discretionary access control list (DACL),a single access control entry (ACE) that allows everyone full access (AEFA) is added to the DACL. If an application modifies the DACL of a security descriptor to which an AEFA ACE has been added, the AEFA ACE is persisted with the DACL when that DACL is persisted.

This can result in an application unintentionally allowing access to principals. Because of this, an application should check for the existence of an AEFA ACE and remove it before modifying any security descriptor.

Applies to

CommonSecurityDescriptor(Boolean, Boolean, ControlFlags, SecurityIdentifier, SecurityIdentifier, SystemAcl, DiscretionaryAcl)

Initializes a new instance of the CommonSecurityDescriptor class from the specified information.

public:
 CommonSecurityDescriptor(bool isContainer, bool isDS, System::Security::AccessControl::ControlFlags flags, System::Security::Principal::SecurityIdentifier ^ owner, System::Security::Principal::SecurityIdentifier ^ group, System::Security::AccessControl::SystemAcl ^ systemAcl, System::Security::AccessControl::DiscretionaryAcl ^ discretionaryAcl);
public CommonSecurityDescriptor (bool isContainer, bool isDS, System.Security.AccessControl.ControlFlags flags, System.Security.Principal.SecurityIdentifier? owner, System.Security.Principal.SecurityIdentifier? group, System.Security.AccessControl.SystemAcl? systemAcl, System.Security.AccessControl.DiscretionaryAcl? discretionaryAcl);
public CommonSecurityDescriptor (bool isContainer, bool isDS, System.Security.AccessControl.ControlFlags flags, System.Security.Principal.SecurityIdentifier owner, System.Security.Principal.SecurityIdentifier group, System.Security.AccessControl.SystemAcl systemAcl, System.Security.AccessControl.DiscretionaryAcl discretionaryAcl);
new System.Security.AccessControl.CommonSecurityDescriptor : bool * bool * System.Security.AccessControl.ControlFlags * System.Security.Principal.SecurityIdentifier * System.Security.Principal.SecurityIdentifier * System.Security.AccessControl.SystemAcl * System.Security.AccessControl.DiscretionaryAcl -> System.Security.AccessControl.CommonSecurityDescriptor
Public Sub New (isContainer As Boolean, isDS As Boolean, flags As ControlFlags, owner As SecurityIdentifier, group As SecurityIdentifier, systemAcl As SystemAcl, discretionaryAcl As DiscretionaryAcl)

Parameters

isContainer
Boolean

true if the new security descriptor is associated with a container object.

isDS
Boolean

true if the new security descriptor is associated with a directory object.

flags
ControlFlags

Flags that specify behavior of the new CommonSecurityDescriptor object.

owner
SecurityIdentifier

The owner for the new CommonSecurityDescriptor object.

group
SecurityIdentifier

The primary group for the new CommonSecurityDescriptor object.

systemAcl
SystemAcl

The System Access Control List (SACL) for the new CommonSecurityDescriptor object.

discretionaryAcl
DiscretionaryAcl

The Discretionary Access Control List (DACL) for the new CommonSecurityDescriptor object.

Remarks

If the underlying security descriptor from which the new RawSecurityDescriptor object is created contains null for its discretionary access control list (DACL), a single access control entry (ACE) that allows everyone full access (AEFA) is added to the DACL. If an application modifies the DACL of a security descriptor to which an AEFA ACE has been added, the AEFA ACE is persisted with the DACL when that DACL is persisted.

This can result in an application unintentionally allowing access to principals. Because of this, an application should check for the existence of an AEFA ACE and remove it before modifying any security descriptor.

Applies to