RegistrySecurity.AddAccessRule(RegistryAccessRule) Method

Definition

Searches for a matching access control with which the new rule can be merged. If none are found, adds the new rule.

public:
 void AddAccessRule(System::Security::AccessControl::RegistryAccessRule ^ rule);
public void AddAccessRule (System.Security.AccessControl.RegistryAccessRule rule);
override this.AddAccessRule : System.Security.AccessControl.RegistryAccessRule -> unit
Public Sub AddAccessRule (rule As RegistryAccessRule)

Parameters

rule
RegistryAccessRule

The access control rule to add.

Exceptions

rule is null.

The following code example creates registry access rules and adds them to a RegistrySecurity object, showing how rules that allow and deny rights remain separate, while compatible rules of the same kind are merged.

Note

This example does not attach the security object to a RegistryKey object. Examples that attach security objects can be found in RegistryKey.GetAccessControl and RegistryKey.SetAccessControl.

A code example that demonstrates inheritance and propagation flags can be found in the RegistryAccessRule class.

using System;
using Microsoft.Win32;
using System.Security.AccessControl;
using System.Security.Principal;

public class Example
{
    public static void Main()
    {
        // Create a string representing the current user.
        string user = Environment.UserDomainName + "\\"
            + Environment.UserName;

        // Create a security object that grants no access.
        RegistrySecurity mSec = new RegistrySecurity();

        // Add a rule that grants the current user the 
        // right to read the key.
        RegistryAccessRule rule = new RegistryAccessRule(user, 
            RegistryRights.ReadKey, 
            AccessControlType.Allow);
        mSec.AddAccessRule(rule);

        // Add a rule that denies the current user the 
        // right to change permissions on the Registry.
        rule = new RegistryAccessRule(user, 
            RegistryRights.ChangePermissions, 
            AccessControlType.Deny);
        mSec.AddAccessRule(rule);

        // Display the rules in the security object.
        ShowSecurity(mSec);

        // Add a rule that allows the current user the 
        // right to write to the key (WriteKey). This 
        // rule is merged with the existing Allow rule.
        rule = new RegistryAccessRule(user, 
            RegistryRights.WriteKey, 
            AccessControlType.Allow);
        mSec.AddAccessRule(rule);

        ShowSecurity(mSec);
    }

    private static void ShowSecurity(RegistrySecurity security)
    {
        Console.WriteLine("\r\nCurrent access rules:\r\n");

        foreach( RegistryAccessRule ar in 
            security.GetAccessRules(true, true, typeof(NTAccount)) )
        {
            Console.WriteLine("        User: {0}", ar.IdentityReference);
            Console.WriteLine("        Type: {0}", ar.AccessControlType);
            Console.WriteLine("      Rights: {0}", ar.RegistryRights);
            Console.WriteLine();
        }
    }
}

/* This code example produces output similar to following:

Current access rules:

        User: TestDomain\TestUser
        Type: Deny
      Rights: ChangePermissions

        User: TestDomain\TestUser
        Type: Allow
      Rights: ReadKey


Current access rules:

        User: TestDomain\TestUser
        Type: Deny
      Rights: ChangePermissions

        User: TestDomain\TestUser
        Type: Allow
      Rights: SetValue, CreateSubKey, ReadKey
 */

Imports Microsoft.Win32
Imports System.Security.AccessControl
Imports System.Security.Principal

Public Class Example

    Public Shared Sub Main()

        ' Create a string representing the current user.
        Dim user As String = Environment.UserDomainName _ 
            & "\" & Environment.UserName

        ' Create a security object that grants no access.
        Dim mSec As New RegistrySecurity()

        ' Add a rule that grants the current user the 
        ' right to read the key.
        Dim rule As New RegistryAccessRule(user, _
            RegistryRights.ReadKey, _
            AccessControlType.Allow)
        mSec.AddAccessRule(rule)

        ' Add a rule that denies the current user the 
        ' right to change permissions on the Registry.
        rule = New RegistryAccessRule(user, _
            RegistryRights.ChangePermissions, _
            AccessControlType.Deny)
        mSec.AddAccessRule(rule)

        ' Display the rules in the security object.
        ShowSecurity(mSec)

        ' Add a rule that allows the current user the 
        ' right to write to the key (WriteKey). This 
        ' rule is merged with the existing Allow rule.
        rule = New RegistryAccessRule(user, _
            RegistryRights.WriteKey, _
            AccessControlType.Allow)
        mSec.AddAccessRule(rule)

        ShowSecurity(mSec)

    End Sub 

    Private Shared Sub ShowSecurity(ByVal security As RegistrySecurity)
        Console.WriteLine(vbCrLf & "Current access rules:" & vbCrLf)

        For Each ar As RegistryAccessRule In _
            security.GetAccessRules(True, True, GetType(NTAccount))

            Console.WriteLine("        User: {0}", ar.IdentityReference)
            Console.WriteLine("        Type: {0}", ar.AccessControlType)
            Console.WriteLine("      Rights: {0}", ar.RegistryRights)
            Console.WriteLine()
        Next

    End Sub
End Class 

'This code example produces output similar to following:
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Deny
'      Rights: ChangePermissions
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: ReadKey
'
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Deny
'      Rights: ChangePermissions
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: SetValue, CreateSubKey, ReadKey

Remarks

The AddAccessRule method searches for rules with the same user or group and the same AccessControlType as rule. If none are found, rule is added. If a matching rule is found, the rights in rule are merged with the existing rule.

Rules cannot be merged if they have different inheritance flags. For example, if a user is allowed read access with no inheritance flags, and AddAccessRule is used to add a rule giving the user write access with inheritance for subkeys (InheritanceFlags.ContainerInherit), the two rules cannot be merged.

Rules with different AccessControlType values are never merged.

Rules express rights in the most economical way. For example, if a user has QueryValues, Notify and ReadPermissions rights, and you add a rule allowing EnumerateSubKeys rights, the user has all the constituent parts of ReadKey rights. If you query the user's rights, you will see a rule containing ReadKey rights. Similarly, if you remove EnumerateSubKeys rights, the other constituents of ReadKey rights will reappear.
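The two behaviors described in these remarks (constituent rights collapsing into ReadKey, and rules with different inheritance flags staying separate) can be observed with the following added example, which is not part of the original documentation. The class name MergeRulesExample and the helper Show are hypothetical; like the example above, it builds a RegistrySecurity object in memory and does not attach it to a RegistryKey.

```csharp
using System;
using System.Security.AccessControl;
using System.Security.Principal;

public class MergeRulesExample   // hypothetical name, added example
{
    public static void Main()
    {
        string user = Environment.UserDomainName + "\\" + Environment.UserName;
        RegistrySecurity sec = new RegistrySecurity();

        // Allow three of the four constituent rights of ReadKey.
        sec.AddAccessRule(new RegistryAccessRule(user,
            RegistryRights.QueryValues | RegistryRights.Notify |
            RegistryRights.ReadPermissions,
            AccessControlType.Allow));
        Show("Three constituents of ReadKey", sec);

        // Same user, same type, same (empty) inheritance flags: the right
        // is merged into the existing rule, completing ReadKey.
        RegistryAccessRule enumRule = new RegistryAccessRule(user,
            RegistryRights.EnumerateSubKeys, AccessControlType.Allow);
        sec.AddAccessRule(enumRule);
        Show("After adding EnumerateSubKeys", sec);

        // Removing that right again leaves the other constituents.
        sec.RemoveAccessRule(enumRule);
        Show("After removing EnumerateSubKeys", sec);

        // Same user and type, but inherited by subkeys: kept as a
        // separate rule because the inheritance flags differ.
        sec.AddAccessRule(new RegistryAccessRule(user,
            RegistryRights.WriteKey,
            InheritanceFlags.ContainerInherit, PropagationFlags.None,
            AccessControlType.Allow));
        Show("After adding WriteKey with ContainerInherit", sec);
    }

    // Prints every rule currently held by the security object.
    private static void Show(string title, RegistrySecurity security)
    {
        Console.WriteLine("\r\n{0}:", title);
        foreach (RegistryAccessRule ar in
            security.GetAccessRules(true, true, typeof(NTAccount)))
        {
            Console.WriteLine("  {0} {1}: {2} (inheritance: {3})",
                ar.AccessControlType, ar.IdentityReference,
                ar.RegistryRights, ar.InheritanceFlags);
        }
    }
}
```

When reviewing permissions built this way, read the rules back with GetAccessRules instead of assuming one stored rule per AddAccessRule call, since merging changes both the number of rules and the way their rights are named.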
