RegistrySecurity.RemoveAccessRule(RegistryAccessRule) RegistrySecurity.RemoveAccessRule(RegistryAccessRule) RegistrySecurity.RemoveAccessRule(RegistryAccessRule) RegistrySecurity.RemoveAccessRule(RegistryAccessRule) Method

Définition

Recherche une règle de contrôle d'accès ayant les mêmes utilisateur et AccessControlType (autorisation ou refus) que la règle d'accès spécifiée et ayant des indicateurs d'héritage et de propagation compatibles ; si une telle règle est trouvée, les droits contenus dans la règle d'accès spécifiée en sont supprimés.Searches for an access control rule with the same user and AccessControlType (allow or deny) as the specified access rule, and with compatible inheritance and propagation flags; if such a rule is found, the rights contained in the specified access rule are removed from it.

public:
 bool RemoveAccessRule(System::Security::AccessControl::RegistryAccessRule ^ rule);
public bool RemoveAccessRule (System.Security.AccessControl.RegistryAccessRule rule);
override this.RemoveAccessRule : System.Security.AccessControl.RegistryAccessRule -> bool
Public Function RemoveAccessRule (rule As RegistryAccessRule) As Boolean

Paramètres

rule
RegistryAccessRule RegistryAccessRule RegistryAccessRule RegistryAccessRule

RegistryAccessRule qui spécifie l'utilisateur et AccessControlType à rechercher, ainsi qu'un jeu d'indicateurs d'héritage et de propagation avec lesquels une règle correspondante, si elle est trouvée, doit être compatible.A RegistryAccessRule that specifies the user and AccessControlType to search for, and a set of inheritance and propagation flags that a matching rule, if found, must be compatible with. Spécifie les droits à supprimer de la règle compatible, le cas échéant.Specifies the rights to remove from the compatible rule, if found.

Retours

true si une règle compatible est trouvée ; sinon, false.true if a compatible rule is found; otherwise false.

Exceptions

Exemples

Le code suivant montre l’exemple comment la RemoveAccessRule méthode supprime les droits à partir d’une règle compatible et comment la AddAccessRule méthode fusionne des droits avec les règles compatibles.The following code example shows how the RemoveAccessRule method removes rights from a compatible rule, and how the AddAccessRule method merges rights with compatible rules.

L’exemple crée un RegistrySecurity de l’objet et ajoute une règle qui autorise l’utilisateur actuel RegistryRights.ReadKey droits.The example creates a RegistrySecurity object and adds a rule that allows the current user RegistryRights.ReadKey rights. L’exemple crée ensuite une règle qui accorde à l’utilisateur RegistryRights.SetValue, avec le même héritage et les droits de la propagation, ainsi que la première règle utilise le RemoveAccessRule méthode pour supprimer cette nouvelle règle à partir de la RegistrySecurity objet.The example then creates a rule that grants the user RegistryRights.SetValue, with the same inheritance and propagation rights as the first rule, and uses the RemoveAccessRule method to remove this new rule from the RegistrySecurity object. SetValue est un composant de ReadKey, donc il est supprimé de la règle compatible.SetValue is a constituent of ReadKey, so it is removed from the compatible rule. Les règles dans le RegistrySecurity objet s’affichent, présentent les composants restants du ReadKey.The rules in the RegistrySecurity object are displayed, showing the remaining constituents of ReadKey.

L’exemple de code appelle ensuite la RemoveAccessRule méthode pour fusionner le SetValue avec le bouton droit dans la règle dans le RegistrySecurity objet.The example code then calls the RemoveAccessRule method to merge the SetValue right back into the rule in the RegistrySecurity object.

Notes

Cet exemple ne s’attache pas l’objet de sécurité à un RegistryKey objet.This example does not attach the security object to a RegistryKey object. Le deuxième exemple dans cette section attache un objet de sécurité, et comme les exemples de RegistryKey.GetAccessControl RegistryKey.SetAccessControl.The second example in this section attaches a security object, and so do the examples in RegistryKey.GetAccessControlRegistryKey.SetAccessControl.


using System;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Security;
using Microsoft.Win32;

public class Example
{

    public static void Main()
    {

        string user = Environment.UserDomainName + "\\"
            + Environment.UserName;

        // Create a security object that grants no access.
        RegistrySecurity mSec = new RegistrySecurity();

        // Add a rule that grants the current user ReadKey
        // rights. ReadKey is a combination of four other 
        // rights. The rule is inherited by all 
        // contained subkeys.
        RegistryAccessRule rule = new RegistryAccessRule(user, 
            RegistryRights.ReadKey, 
            InheritanceFlags.ContainerInherit, 
            PropagationFlags.None, 
            AccessControlType.Allow);
        mSec.AddAccessRule(rule);

        // Create a rule that allows the current user only the 
        // right to query the key/value pairs of a key, using  
        // the same inheritance and propagation flags as the
        // first rule. QueryValues is a constituent of 
        // ReadKey, so when this rule is removed, using the 
        // RemoveAccessRule method, ReadKey is broken into
        // its constituent parts.
        rule = new RegistryAccessRule(user, 
            RegistryRights.QueryValues, 
            InheritanceFlags.ContainerInherit, 
            PropagationFlags.None, 
            AccessControlType.Allow);
        mSec.RemoveAccessRule(rule);

        // Display the rules in the security object.
        ShowSecurity(mSec);

        // Add the second rule back. It merges with the 
        // existing rule, so that the rule is now displayed
        // as ReadKey.
        mSec.AddAccessRule(rule);

        // Display the rules in the security object.
        ShowSecurity(mSec);
    }

    private static void ShowSecurity(RegistrySecurity security)
    {
        Console.WriteLine("\r\nCurrent access rules:\r\n");

        foreach( RegistryAccessRule ar in security.GetAccessRules(true, true, typeof(NTAccount)) )
        {
            Console.WriteLine("        User: {0}", ar.IdentityReference);
            Console.WriteLine("        Type: {0}", ar.AccessControlType);
            Console.WriteLine("      Rights: {0}", ar.RegistryRights);
            Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags);
            Console.WriteLine(" Propagation: {0}", ar.PropagationFlags);
            Console.WriteLine("   Inherited? {0}", ar.IsInherited);
            Console.WriteLine();
        }
    }
}

/* This code example produces output similar to following:

Current access rules:

        User: TestDomain\TestUser
        Type: Allow
      Rights: EnumerateSubKeys, Notify, ReadPermissions
 Inheritance: ContainerInherit
 Propagation: None
   Inherited? False


Current access rules:

        User: TestDomain\TestUser
        Type: Allow
      Rights: ReadKey
 Inheritance: ContainerInherit
 Propagation: None
   Inherited? False
 */
Option Explicit
Imports System
Imports System.Security.AccessControl
Imports System.Security.Principal
Imports System.Security
Imports Microsoft.Win32

Public Class Example

    Public Shared Sub Main()

        Dim user As String = Environment.UserDomainName _ 
            & "\" & Environment.UserName

        ' Create a security object that grants no access.
        Dim mSec As New RegistrySecurity()

        ' Add a rule that grants the current user ReadKey
        ' rights. ReadKey is a combination of four other 
        ' rights. The rule is inherited by all 
        ' contained subkeys.
        Dim rule As New RegistryAccessRule(user, _
            RegistryRights.ReadKey, _
            InheritanceFlags.ContainerInherit, _
            PropagationFlags.None, _
            AccessControlType.Allow)
        mSec.AddAccessRule(rule)

        ' Create a rule that allows the current user only the 
        ' right to query the key/value pairs of a key, using  
        ' the same inheritance and propagation flags as the
        ' first rule. QueryValues is a constituent of 
        ' ReadKey, so when this rule is removed, using the 
        ' RemoveAccessRule method, ReadKey is broken into
        ' its constituent parts.
        rule = New RegistryAccessRule(user, _
            RegistryRights.QueryValues, _
            InheritanceFlags.ContainerInherit, _
            PropagationFlags.None, _
            AccessControlType.Allow)
        mSec.RemoveAccessRule(rule)

        ' Display the rules in the security object.
        ShowSecurity(mSec)

        ' Add the second rule back. It merges with the 
        ' existing rule, so that the rule is now displayed
        ' as ReadKey.
        mSec.AddAccessRule(rule)

        ' Display the rules in the security object.
        ShowSecurity(mSec)

    End Sub 

    Private Shared Sub ShowSecurity(ByVal security As RegistrySecurity)
        Console.WriteLine(vbCrLf & "Current access rules:" & vbCrLf)

        For Each ar As RegistryAccessRule In _
            security.GetAccessRules(True, True, GetType(NTAccount))

            Console.WriteLine("        User: {0}", ar.IdentityReference)
            Console.WriteLine("        Type: {0}", ar.AccessControlType)
            Console.WriteLine("      Rights: {0}", ar.RegistryRights)
            Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags)
            Console.WriteLine(" Propagation: {0}", ar.PropagationFlags)
            Console.WriteLine("   Inherited? {0}", ar.IsInherited)
            Console.WriteLine()
        Next

    End Sub
End Class 

'This code example produces output similar to following:
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: EnumerateSubKeys, Notify, ReadPermissions
' Inheritance: ContainerInherit
' Propagation: None
'   Inherited? False
'
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: ReadKey
' Inheritance: ContainerInherit
' Propagation: None
'   Inherited? False
'

Remarques

Actuel RegistrySecurity est recherché dans une règle qui a le même utilisateur et le même AccessControlType valeur sous la forme rule.The current RegistrySecurity is searched for a rule that has the same user and the same AccessControlType value as rule. Si aucune règle n’est trouvée, aucune action n’est effectuée, et la méthode retourne false.If no such rule is found, no action is taken, and the method returns false. Si les règles de correspondance sont trouvées, les indicateurs d’héritage et de compatibilité sont activés pour la compatibilité avec les indicateurs spécifiés dans rule.If matching rules are found, their inheritance and compatibility flags are checked for compatibility with the flags specified in rule. Si aucune règle compatible n’est trouvée, aucune action n’est effectuée, et la méthode retourne false.If no compatible rule is found, no action is taken, and the method returns false. Si une règle avec des indicateurs compatibles est trouvée, les droits spécifiés dans rule sont supprimés de la règle compatible, et la méthode retourne true.If a rule with compatible flags is found, the rights specified in rule are removed from the compatible rule, and the method returns true. Si rule spécifie les droits non contenus dans la règle compatible, aucune action n’est effectuée en ce qui concerne ces droits.If rule specifies rights not contained in the compatible rule, no action is taken with respect to those rights. Si tous les droits sont supprimés de la règle compatible, la règle entière est supprimée à partir du RegistrySecurity objet.If all rights are removed from the compatible rule, the entire rule is removed from the current RegistrySecurity object.

S’applique à