RegistrySecurity.AddAccessRule(RegistryAccessRule) RegistrySecurity.AddAccessRule(RegistryAccessRule) RegistrySecurity.AddAccessRule(RegistryAccessRule) RegistrySecurity.AddAccessRule(RegistryAccessRule) Method

Définition

Recherche une règle de contrôle d'accès correspondante avec laquelle la nouvelle règle peut être fusionnée.Searches for a matching access control with which the new rule can be merged. Ajoute la nouvelle règle en cas de recherche infructueuse.If none are found, adds the new rule.

public:
 void AddAccessRule(System::Security::AccessControl::RegistryAccessRule ^ rule);
public void AddAccessRule (System.Security.AccessControl.RegistryAccessRule rule);
override this.AddAccessRule : System.Security.AccessControl.RegistryAccessRule -> unit
Public Sub AddAccessRule (rule As RegistryAccessRule)

Paramètres

rule
RegistryAccessRule RegistryAccessRule RegistryAccessRule RegistryAccessRule

Règle de contrôle d'accès à ajouter.The access control rule to add.

Exceptions

Exemples

L’exemple de code suivant crée des règles d’accès de Registre et les ajoute à un RegistrySecurity objet, en montrant comment les règles qui autorisent et refusent des droits restent séparées, lors des règles compatibles du même type est fusionnée.The following code example creates registry access rules and adds them to a RegistrySecurity object, showing how rules that allow and deny rights remain separate, while compatible rules of the same kind are merged.

Notes

Cet exemple ne s’attache pas l’objet de sécurité à un RegistryKey objet.This example does not attach the security object to a RegistryKey object. Vous trouverez des exemples qui attachent des objets de sécurité dans RegistryKey.GetAccessControl et RegistryKey.SetAccessControl.Examples that attach security objects can be found in RegistryKey.GetAccessControl and RegistryKey.SetAccessControl.

Vous trouverez un exemple de code illustrant les indicateurs d’héritage et de propagation dans le RegistryAccessRule classe.A code example that demonstrates inheritance and propagation flags can be found in the RegistryAccessRule class.

using System;
using Microsoft.Win32;
using System.Security.AccessControl;
using System.Security.Principal;

public class Example
{
    public static void Main()
    {
        // Create a string representing the current user.
        string user = Environment.UserDomainName + "\\"
            + Environment.UserName;

        // Create a security object that grants no access.
        RegistrySecurity mSec = new RegistrySecurity();

        // Add a rule that grants the current user the 
        // right to read the key.
        RegistryAccessRule rule = new RegistryAccessRule(user, 
            RegistryRights.ReadKey, 
            AccessControlType.Allow);
        mSec.AddAccessRule(rule);

        // Add a rule that denies the current user the 
        // right to change permissions on the Registry.
        rule = new RegistryAccessRule(user, 
            RegistryRights.ChangePermissions, 
            AccessControlType.Deny);
        mSec.AddAccessRule(rule);

        // Display the rules in the security object.
        ShowSecurity(mSec);

        // Add a rule that allows the current user the 
        // right to read permissions on the Registry. This 
        // rule is merged with the existing Allow rule.
        rule = new RegistryAccessRule(user, 
            RegistryRights.WriteKey, 
            AccessControlType.Allow);
        mSec.AddAccessRule(rule);

        ShowSecurity(mSec);
    }

    private static void ShowSecurity(RegistrySecurity security)
    {
        Console.WriteLine("\r\nCurrent access rules:\r\n");

        foreach( RegistryAccessRule ar in 
            security.GetAccessRules(true, true, typeof(NTAccount)) )
        {
            Console.WriteLine("        User: {0}", ar.IdentityReference);
            Console.WriteLine("        Type: {0}", ar.AccessControlType);
            Console.WriteLine("      Rights: {0}", ar.RegistryRights);
            Console.WriteLine();
        }
    }
}

/* This code example produces output similar to following:

Current access rules:

        User: TestDomain\TestUser
        Type: Deny
      Rights: ChangePermissions

        User: TestDomain\TestUser
        Type: Allow
      Rights: ReadKey


Current access rules:

        User: TestDomain\TestUser
        Type: Deny
      Rights: ChangePermissions

        User: TestDomain\TestUser
        Type: Allow
      Rights: SetValue, CreateSubKey, ReadKey
 */
Imports System
Imports Microsoft.Win32
Imports System.Security.AccessControl
Imports System.Security.Principal

Public Class Example

    Public Shared Sub Main()

        ' Create a string representing the current user.
        Dim user As String = Environment.UserDomainName _ 
            & "\" & Environment.UserName

        ' Create a security object that grants no access.
        Dim mSec As New RegistrySecurity()

        ' Add a rule that grants the current user the 
        ' right to read the key.
        Dim rule As New RegistryAccessRule(user, _
            RegistryRights.ReadKey, _
            AccessControlType.Allow)
        mSec.AddAccessRule(rule)

        ' Add a rule that denies the current user the 
        ' right to change permissions on the Registry.
        rule = New RegistryAccessRule(user, _
            RegistryRights.ChangePermissions, _
            AccessControlType.Deny)
        mSec.AddAccessRule(rule)

        ' Display the rules in the security object.
        ShowSecurity(mSec)

        ' Add a rule that allows the current user the 
        ' right to read permissions on the Registry. This 
        ' rule is merged with the existing Allow rule.
        rule = New RegistryAccessRule(user, _
            RegistryRights.WriteKey, _
            AccessControlType.Allow)
        mSec.AddAccessRule(rule)

        ShowSecurity(mSec)

    End Sub 

    Private Shared Sub ShowSecurity(ByVal security As RegistrySecurity)
        Console.WriteLine(vbCrLf & "Current access rules:" & vbCrLf)

        For Each ar As RegistryAccessRule In _
            security.GetAccessRules(True, True, GetType(NTAccount))

            Console.WriteLine("        User: {0}", ar.IdentityReference)
            Console.WriteLine("        Type: {0}", ar.AccessControlType)
            Console.WriteLine("      Rights: {0}", ar.RegistryRights)
            Console.WriteLine()
        Next

    End Sub
End Class 

'This code example produces output similar to following:
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Deny
'      Rights: ChangePermissions
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: ReadKey
'
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Deny
'      Rights: ChangePermissions
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: SetValue, CreateSubKey, ReadKey

Remarques

Le AddAccessRule méthode recherche des règles avec le même utilisateur ou groupe et le même AccessControlType comme rule.The AddAccessRule method searches for rules with the same user or group and the same AccessControlType as rule. Si aucune n’est trouvée, rule est ajouté.If none are found, rule is added. Si une règle de correspondance est trouvée, les droits dans rule sont fusionnés avec la règle existante.If a matching rule is found, the rights in rule are merged with the existing rule.

Règles ne peut pas être fusionnées si elles ont des indicateurs d’héritage différents.Rules cannot be merged if they have different inheritance flags. Par exemple, si un utilisateur a un accès en lecture sans indicateurs d’héritage, et AddAccessRule est utilisé pour ajouter une règle donnant l’accès en écriture utilisateur avec héritage de sous-clés (InheritanceFlags.ContainerInherit), les deux règles ne peuvent pas être fusionnées.For example, if a user is allowed read access with no inheritance flags, and AddAccessRule is used to add a rule giving the user write access with inheritance for subkeys (InheritanceFlags.ContainerInherit), the two rules cannot be merged.

Règles avec différents AccessControlType valeurs ne sont jamais fusionnées.Rules with different AccessControlType values are never merged.

Règles expriment les droits de la façon la plus économique.Rules express rights in the most economical way. Par exemple, si un utilisateur a QueryValues, Notify et ReadPermissions droits et que vous ajoutez une règle autorisant EnumerateSubKeys droits, l’utilisateur a tous les éléments constitutifs de ReadKey droits.For example, if a user has QueryValues, Notify and ReadPermissions rights, and you add a rule allowing EnumerateSubKeys rights, the user has all the constituent parts of ReadKey rights. Si vous interrogez les droits d’utilisateur, vous verrez une règle contenant ReadKey droits.If you query the user's rights, you will see a rule containing ReadKey rights. De même, si vous supprimez EnumerateSubKeys des droits, les autres composants des ReadKey droits réapparaît.Similarly, if you remove EnumerateSubKeys rights, the other constituents of ReadKey rights will reappear.

S’applique à