System.Security.AccessControl Namespace

Provides programming elements that control access to and audit security-related actions on securable objects.

Classes

AccessRule

Represents a combination of a user's identity, an access mask, and an access control type (allow or deny). An AccessRule object also contains information about how the rule is inherited by child objects and how that inheritance is propagated.

AccessRule<T>

Represents a combination of a user's identity, an access mask, and an access control type (allow or deny). An AccessRule`1 object also contains information about the how the rule is inherited by child objects and how that inheritance is propagated.

AceEnumerator

Provides the ability to iterate through the access control entries (ACEs) in an access control list (ACL).

AuditRule

Represents a combination of a user's identity and an access mask. An AuditRule object also contains information about how the rule is inherited by child objects, how that inheritance is propagated, and for what conditions it is audited.

AuditRule<T>

Represents a combination of a user's identity and an access mask.

AuthorizationRule

Determines access to securable objects. The derived classes AccessRule and AuditRule offer specializations for access and audit functionality.

AuthorizationRuleCollection

Represents a collection of AuthorizationRule objects.

CommonAce

Represents an access control entry (ACE).

CommonAcl

Represents an access control list (ACL) and is the base class for the DiscretionaryAcl and SystemAcl classes.

CommonObjectSecurity

Controls access to objects without direct manipulation of access control lists (ACLs). This class is the abstract base class for the NativeObjectSecurity class.

CommonSecurityDescriptor

Represents a security descriptor. A security descriptor includes an owner, a primary group, a Discretionary Access Control List (DACL), and a System Access Control List (SACL).

CompoundAce

Represents a compound Access Control Entry (ACE).

CryptoKeyAccessRule

Represents an access rule for a cryptographic key. An access rule represents a combination of a user's identity, an access mask, and an access control type (allow or deny). An access rule object also contains information about the how the rule is inherited by child objects and how that inheritance is propagated.

CryptoKeyAuditRule

Represents an audit rule for a cryptographic key. An audit rule represents a combination of a user's identity and an access mask. An audit rule also contains information about the how the rule is inherited by child objects, how that inheritance is propagated, and for what conditions it is audited.

CryptoKeySecurity

Provides the ability to control access to a cryptographic key object without direct manipulation of an Access Control List (ACL).

CustomAce

Represents an Access Control Entry (ACE) that is not defined by one of the members of the AceType enumeration.

DirectoryObjectSecurity

Provides the ability to control access to directory objects without direct manipulation of Access Control Lists (ACLs).

DirectorySecurity

Represents the access control and audit security for a directory. This class cannot be inherited.

DiscretionaryAcl

Represents a Discretionary Access Control List (DACL).

EventWaitHandleAccessRule

Represents a set of access rights allowed or denied for a user or group. This class cannot be inherited.

EventWaitHandleAuditRule

Represents a set of access rights to be audited for a user or group. This class cannot be inherited.

EventWaitHandleSecurity

Represents the Windows access control security applied to a named system wait handle. This class cannot be inherited.

FileSecurity

Represents the access control and audit security for a file. This class cannot be inherited.

FileSystemAccessRule

Represents an abstraction of an access control entry (ACE) that defines an access rule for a file or directory. This class cannot be inherited.

FileSystemAuditRule

Represents an abstraction of an access control entry (ACE) that defines an audit rule for a file or directory. This class cannot be inherited.

FileSystemSecurity

Represents the access control and audit security for a file or directory.

GenericAce

Represents an Access Control Entry (ACE), and is the base class for all other ACE classes.

GenericAcl

Represents an access control list (ACL) and is the base class for the CommonAcl, DiscretionaryAcl, RawAcl, and SystemAcl classes.

GenericSecurityDescriptor

Represents a security descriptor. A security descriptor includes an owner, a primary group, a Discretionary Access Control List (DACL), and a System Access Control List (SACL).

KnownAce

Encapsulates all Access Control Entry (ACE) types currently defined by Microsoft Corporation. All KnownAce objects contain a 32-bit access mask and a SecurityIdentifier object.

MutexAccessRule

Represents a set of access rights allowed or denied for a user or group. This class cannot be inherited.

MutexAuditRule

Represents a set of access rights to be audited for a user or group. This class cannot be inherited.

MutexSecurity

Represents the Windows access control security for a named mutex. This class cannot be inherited.

NativeObjectSecurity

Provides the ability to control access to native objects without direct manipulation of Access Control Lists (ACLs). Native object types are defined by the ResourceType enumeration.

ObjectAccessRule

Represents a combination of a user's identity, an access mask, and an access control type (allow or deny). An ObjectAccessRule object also contains information about the type of object to which the rule applies, the type of child object that can inherit the rule, how the rule is inherited by child objects, and how that inheritance is propagated.

ObjectAce

Controls access to Directory Services objects. This class represents an Access Control Entry (ACE) associated with a directory object.

ObjectAuditRule

Represents a combination of a user's identity, an access mask, and audit conditions. An ObjectAuditRule object also contains information about the type of object to which the rule applies, the type of child object that can inherit the rule, how the rule is inherited by child objects, and how that inheritance is propagated.

ObjectSecurity

Provides the ability to control access to objects without direct manipulation of Access Control Lists (ACLs). This class is the abstract base class for the CommonObjectSecurity and DirectoryObjectSecurity classes.

ObjectSecurity<T>

Provides the ability to control access to objects without direct manipulation of Access Control Lists (ACLs); also grants the ability to type-cast access rights.

PrivilegeNotHeldException

The exception that is thrown when a method in the System.Security.AccessControl namespace attempts to enable a privilege that it does not have.

QualifiedAce

Represents an Access Control Entry (ACE) that contains a qualifier. The qualifier, represented by an AceQualifier object, specifies whether the ACE allows access, denies access, causes system audits, or causes system alarms. The QualifiedAce class is the abstract base class for the CommonAce and ObjectAce classes.

RawAcl

Represents an Access Control List (ACL).

RawSecurityDescriptor

Represents a security descriptor. A security descriptor includes an owner, a primary group, a Discretionary Access Control List (DACL), and a System Access Control List (SACL).

RegistryAccessRule

Represents a set of access rights allowed or denied for a user or group. This class cannot be inherited.

RegistryAuditRule

Represents a set of access rights to be audited for a user or group. This class cannot be inherited.

RegistrySecurity

Represents the Windows access control security for a registry key. This class cannot be inherited.

SemaphoreAccessRule

Represents a set of access rights allowed or denied for a user or group. This class cannot be inherited.

SemaphoreAuditRule

Represents a set of access rights to be audited for a user or group. This class cannot be inherited.

SemaphoreSecurity

Represents the Windows access control security for a named semaphore. This class cannot be inherited.

SystemAcl

Represents a System Access Control List (SACL).

Enums

AccessControlActions

Specifies the actions that are permitted for securable objects.

AccessControlModification

Specifies the type of access control modification to perform. This enumeration is used by methods of the ObjectSecurity class and its descendants.

AccessControlSections

Specifies which sections of a security descriptor to save or load.

AccessControlType

Specifies whether an AccessRule object is used to allow or deny access. These values are not flags, and they cannot be combined.

AceFlags

Specifies the inheritance and auditing behavior of an access control entry (ACE).

AceQualifier

Specifies the function of an access control entry (ACE).

AceType

Defines the available access control entry (ACE) types.

AuditFlags

Specifies the conditions for auditing attempts to access a securable object.

CompoundAceType

Specifies the type of a CompoundAce object.

ControlFlags

These flags affect the security descriptor behavior.

CryptoKeyRights

Specifies the cryptographic key operation for which an authorization rule controls access or auditing.

EventWaitHandleRights

Specifies the access control rights that can be applied to named system event objects.

FileSystemRights

Defines the access rights to use when creating access and audit rules.

InheritanceFlags

Inheritance flags specify the semantics of inheritance for access control entries (ACEs).

MutexRights

Specifies the access control rights that can be applied to named system mutex objects.

ObjectAceFlags

Specifies the presence of object types for Access Control Entries (ACEs).

PropagationFlags

Specifies how Access Control Entries (ACEs) are propagated to child objects. These flags are significant only if inheritance flags are present.

RegistryRights

Specifies the access control rights that can be applied to registry objects.

ResourceType

Specifies the defined native object types.

SecurityInfos

Specifies the section of a security descriptor to be queried or set.

SemaphoreRights

Specifies the access control rights that can be applied to named system semaphore objects.

Delegates

NativeObjectSecurity.ExceptionFromErrorCode

Provides a way for integrators to map numeric error codes to specific exceptions that they create.