MutexSecurity.RemoveAccessRuleSpecific(MutexAccessRule) Metodo

Definizione

Cerca una regola di controllo di accesso che corrisponde esattamente alla regola specificata e, se trovata, la rimuove.Searches for an access control rule that exactly matches the specified rule and, if found, removes it.

public:
 void RemoveAccessRuleSpecific(System::Security::AccessControl::MutexAccessRule ^ rule);
public void RemoveAccessRuleSpecific (System.Security.AccessControl.MutexAccessRule rule);
override this.RemoveAccessRuleSpecific : System.Security.AccessControl.MutexAccessRule -> unit
Public Sub RemoveAccessRuleSpecific (rule As MutexAccessRule)

Parametri

rule
MutexAccessRule

Oggetto MutexAccessRule da rimuovere.The MutexAccessRule to remove.

Eccezioni

rule è null.rule is null.

Esempio

Nell'esempio di codice seguente viene illustrato che il metodo RemoveAccessRuleSpecific richiede una corrispondenza esatta per rimuovere una regola e che le regole per consentire e negare i diritti sono indipendenti l'una dall'altra.The following code example shows that the RemoveAccessRuleSpecific method requires an exact match in order to remove a rule, and that rules to allow and deny rights are independent of each other.

Nell'esempio viene creato un oggetto MutexSecurity, vengono aggiunte regole che consentono e negano diversi diritti per l'utente corrente, quindi vengono uniti ulteriori diritti nella regola di accesso Allow.The example creates a MutexSecurity object, adds rules that allow and deny various rights for the current user, and then merges additional rights into the Allow access rule. Nell'esempio viene quindi passata la regola di Allow originale al metodo RemoveAccessRuleSpecific e vengono visualizzati i risultati, mostrando che non viene eliminato alcun elemento.The example then passes the original Allow rule to the RemoveAccessRuleSpecific method, and displays the results, showing that nothing is deleted. Nell'esempio viene quindi creata una regola che corrisponde alla regola di Allow nell'oggetto MutexSecurity e viene utilizzato correttamente il metodo RemoveAccessRuleSpecific per rimuovere la regola.The example then constructs a rule that matches the Allow rule in the MutexSecurity object, and successfully uses the RemoveAccessRuleSpecific method to remove the rule.

Nota

In questo esempio l'oggetto di sicurezza non viene collegato a un oggetto Mutex.This example does not attach the security object to a Mutex object. Esempi di associazione di oggetti di sicurezza sono disponibili in Mutex.GetAccessControl e Mutex.SetAccessControl.Examples that attach security objects can be found in Mutex.GetAccessControl and Mutex.SetAccessControl.

using System;
using System.Threading;
using System.Security.AccessControl;
using System.Security.Principal;

public class Example
{
    public static void Main()
    {
        // Create a string representing the current user.
        string user = Environment.UserDomainName + "\\" + 
            Environment.UserName;

        // Create a security object that grants no access.
        MutexSecurity mSec = new MutexSecurity();

        // Add a rule that grants the current user the 
        // right to enter or release the mutex.
        MutexAccessRule ruleA = new MutexAccessRule(user, 
            MutexRights.Synchronize | MutexRights.Modify, 
            AccessControlType.Allow);
        mSec.AddAccessRule(ruleA);

        // Add a rule that denies the current user the 
        // right to change permissions on the mutex.
        MutexAccessRule rule = new MutexAccessRule(user, 
            MutexRights.ChangePermissions, 
            AccessControlType.Deny);
        mSec.AddAccessRule(rule);

        // Display the rules in the security object.
        ShowSecurity(mSec);

        // Add a rule that allows the current user the 
        // right to read permissions on the mutex. This rule
        // is merged with the existing Allow rule.
        rule = new MutexAccessRule(user, 
            MutexRights.ReadPermissions, 
            AccessControlType.Allow);
        mSec.AddAccessRule(rule);

        ShowSecurity(mSec);

        // Attempt to remove the original rule (granting
        // the right to enter or release the mutex) with 
        // RemoveAccessRuleSpecific. The removal fails,
        // because the right to read the permissions on the 
        // mutex has been added to the rule, so that it no 
        // longer matches the original rule.
        Console.WriteLine("Attempt to use RemoveAccessRuleSpecific on the original rule.");
        mSec.RemoveAccessRuleSpecific(ruleA);

        ShowSecurity(mSec);

        // Create a rule that grants the current user 
        // the right to enter or release the mutex, and
        // to read permissions. Use this rule to remove
        // the Allow rule for the current user.
        Console.WriteLine("Use RemoveAccessRuleSpecific with the correct rights.");
        rule = new MutexAccessRule(user, 
            MutexRights.Synchronize | MutexRights.Modify | 
                MutexRights.ReadPermissions, 
            AccessControlType.Allow);
        mSec.RemoveAccessRuleSpecific(rule);

        ShowSecurity(mSec);
    }

    private static void ShowSecurity(MutexSecurity security)
    {
        Console.WriteLine("\r\nCurrent access rules:\r\n");

        foreach(MutexAccessRule ar in 
            security.GetAccessRules(true, true, typeof(NTAccount)))
        {
            Console.WriteLine("        User: {0}", ar.IdentityReference);
            Console.WriteLine("        Type: {0}", ar.AccessControlType);
            Console.WriteLine("      Rights: {0}", ar.MutexRights);
            Console.WriteLine();
        }
    }
}

/*This code example produces output similar to following:

Current access rules:

        User: TestDomain\TestUser
        Type: Deny
      Rights: ChangePermissions

        User: TestDomain\TestUser
        Type: Allow
      Rights: Modify, Synchronize


Current access rules:

        User: TestDomain\TestUser
        Type: Deny
      Rights: ChangePermissions

        User: TestDomain\TestUser
        Type: Allow
      Rights: Modify, ReadPermissions, Synchronize

Attempt to use RemoveAccessRuleSpecific on the original rule.

Current access rules:

        User: TestDomain\TestUser
        Type: Deny
      Rights: ChangePermissions

        User: TestDomain\TestUser
        Type: Allow
      Rights: Modify, ReadPermissions, Synchronize

Use RemoveAccessRuleSpecific with the correct rights.

Current access rules:

        User: TestDomain\TestUser
        Type: Deny
      Rights: ChangePermissions
 */
Imports System.Threading
Imports System.Security.AccessControl
Imports System.Security.Principal

Public Class Example

    Public Shared Sub Main()

        ' Create a string representing the current user.
        Dim user As String = Environment.UserDomainName _ 
            & "\" & Environment.UserName

        ' Create a security object that grants no access.
        Dim mSec As New MutexSecurity()

        ' Add a rule that grants the current user the 
        ' right to enter or release the mutex.
        Dim ruleA As New MutexAccessRule(user, _
            MutexRights.Synchronize _
            Or MutexRights.Modify, _
            AccessControlType.Allow)
        mSec.AddAccessRule(ruleA)

        ' Add a rule that denies the current user the 
        ' right to change permissions on the mutex.
        Dim rule As New MutexAccessRule(user, _
            MutexRights.ChangePermissions, _
            AccessControlType.Deny)
        mSec.AddAccessRule(rule)

        ' Display the rules in the security object.
        ShowSecurity(mSec)

        ' Add a rule that allows the current user the 
        ' right to read permissions on the mutex. This rule
        ' is merged with the existing Allow rule.
        rule = New MutexAccessRule(user, _
            MutexRights.ReadPermissions, _
            AccessControlType.Allow)
        mSec.AddAccessRule(rule)

        ShowSecurity(mSec)

        ' Attempt to remove the original rule (granting
        ' the right to enter or release the mutex) with 
        ' RemoveAccessRuleSpecific. The removal fails,
        ' because the right to read the permissions on the 
        ' mutex has been added to the rule, so that it no 
        ' longer matches the original rule.
        Console.WriteLine("Attempt to use RemoveAccessRuleSpecific on the original rule.")
        mSec.RemoveAccessRuleSpecific(ruleA)

        ShowSecurity(mSec)

        ' Create a rule that grants the current user 
        ' the right to enter or release the mutex, and
        ' to read permissions. Use this rule to remove
        ' the Allow rule for the current user.
        Console.WriteLine("Use RemoveAccessRuleSpecific with the correct rights.")
        rule = New MutexAccessRule(user, _
            MutexRights.Synchronize _
            Or MutexRights.Modify _
            Or MutexRights.ReadPermissions, _
            AccessControlType.Allow)
        mSec.RemoveAccessRuleSpecific(rule)

        ShowSecurity(mSec)
        
    End Sub 

    Private Shared Sub ShowSecurity(ByVal security As MutexSecurity)
        Console.WriteLine(vbCrLf & "Current access rules:" & vbCrLf)

        For Each ar As MutexAccessRule In _
            security.GetAccessRules(True, True, GetType(NTAccount))

            Console.WriteLine("        User: {0}", ar.IdentityReference)
            Console.WriteLine("        Type: {0}", ar.AccessControlType)
            Console.WriteLine("      Rights: {0}", ar.MutexRights)
            Console.WriteLine()
        Next

    End Sub
End Class 

'This code example produces output similar to following:
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Deny
'      Rights: ChangePermissions
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: Modify, Synchronize
'
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Deny
'      Rights: ChangePermissions
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: Modify, ReadPermissions, Synchronize
'
'Attempt to use RemoveAccessRuleSpecific on the original rule.
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Deny
'      Rights: ChangePermissions
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: Modify, ReadPermissions, Synchronize
'
'Use RemoveAccessRuleSpecific with the correct rights.
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Deny
'      Rights: ChangePermissions

Commenti

La regola viene rimossa solo se corrisponde esattamente rule in tutti i dettagli, inclusi i flag.The rule is removed only if it exactly matches rule in all details, including flags. Non sono interessate altre regole con lo stesso utente e AccessControlType.Other rules with the same user and AccessControlType are not affected.

Importante

Una regola rappresenta una o più voci di controllo di accesso (ACE) sottostanti e queste voci vengono suddivise o combinate in base alle esigenze quando si modificano le regole di sicurezza dell'accesso per un utente.A rule represents one or more underlying access control entries (ACE), and these entries are split or combined as necessary when you modify the access security rules for a user. Pertanto, una regola potrebbe non esistere più nel formato specifico in cui si trovava al momento dell'aggiunta e, in tal caso, il metodo RemoveAccessRuleSpecific non può rimuoverlo.Thus, a rule might no longer exist in the specific form it had when it was added, and in that case the RemoveAccessRuleSpecific method cannot remove it.

Si applica a