RegistrySecurity.SetAccessRule(RegistryAccessRule) メソッド

定義

指定した規則と同じユーザーおよび同じ AccessControlType (許可または拒否) が指定されたすべてのアクセス制御規則を削除し、指定した規則を追加します。Removes all access control rules with the same user and AccessControlType (allow or deny) as the specified rule, and then adds the specified rule.

public:
 void SetAccessRule(System::Security::AccessControl::RegistryAccessRule ^ rule);
public void SetAccessRule (System.Security.AccessControl.RegistryAccessRule rule);
override this.SetAccessRule : System.Security.AccessControl.RegistryAccessRule -> unit
Public Sub SetAccessRule (rule As RegistryAccessRule)

パラメーター

rule
RegistryAccessRule

追加する RegistryAccessRuleThe RegistryAccessRule to add. この規則のユーザーと AccessControlType によって、この規則を追加する前に削除する規則が判断されます。The user and AccessControlType of this rule determine the rules to remove before this rule is added.

例外

rulenullです。rule is null.

次のコード例では、 SetAccessRuleメソッドが、ユーザー AccessControlTypeとのrule両方に一致するすべての規則を削除し、権限とフラグを無視ruleし、をに置き換えます。The following code example shows that the SetAccessRule method removes all rules that match both the user and the AccessControlType of rule, ignoring rights and flags, and replaces them with rule.

この例ではRegistrySecurity 、オブジェクトを作成し、継承フラグと反映フラグが異なる、現在のユーザーに対するさまざまな権限を許可および拒否する規則を追加します。The example creates a RegistrySecurity object and adds rules that allow and deny various rights for the current user, with different inheritance and propagation flags. この例では、現在のユーザーにのみキーの読み取りを許可する新しい規則を作成しSetAccessRule 、メソッドを使用して、アクセスを許可する2つの規則を削除し、新しい規則に置き換えます。The example then creates a new rule that allows the current user only to read the key, and uses the SetAccessRule method to remove the two rules that allow access and to replace them with the new rule. アクセスを拒否する規則は影響を受けません。The rule that denies access is not affected.

注意

この例では、 RegistryKeyオブジェクトにセキュリティオブジェクトをアタッチしません。This example does not attach the security object to a RegistryKey object. RegistryKey.GetAccessControl メソッドRegistryKey.SetAccessControlとメソッドを参照してください。See the RegistryKey.GetAccessControl method and the RegistryKey.SetAccessControl method.


using System;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Security;
using Microsoft.Win32;

public class Example
{
    public static void Main()
    {
        string user = Environment.UserDomainName + "\\"
            + Environment.UserName;

        // Create a security object that grants no access.
        RegistrySecurity mSec = new RegistrySecurity();

        // Add a rule that grants the current user the right
        // to read and enumerate the name/value pairs in a key, 
        // to read its access and audit rules, to enumerate
        // its subkeys, to create subkeys, and to delete the key. 
        // The rule is inherited by all contained subkeys.
        //
        RegistryAccessRule rule = new RegistryAccessRule(user, 
            RegistryRights.ReadKey | RegistryRights.WriteKey
                | RegistryRights.Delete, 
            InheritanceFlags.ContainerInherit, 
            PropagationFlags.None, 
            AccessControlType.Allow);
        mSec.AddAccessRule(rule);

        // Add a rule that allows the current user the right
        // right to set the name/value pairs in a key. 
        // This rule is inherited by contained subkeys, but
        // propagation flags limit it to immediate child 
        // subkeys.
        rule = new RegistryAccessRule(user, 
            RegistryRights.ChangePermissions,
            InheritanceFlags.ContainerInherit,
            PropagationFlags.InheritOnly | PropagationFlags.NoPropagateInherit, 
            AccessControlType.Allow);
        mSec.AddAccessRule(rule);

        // Add a rule that denies the current user the right
        // to set the name/value pairs in a key. This rule
        // has no inheritance or propagation flags, so it 
        // affects only the key itself.
        rule = new RegistryAccessRule(user,
            RegistryRights.SetValue,
            AccessControlType.Deny);
        mSec.AddAccessRule(rule);

        // Display the rules in the security object.
        ShowSecurity(mSec);

        // Create a rule that allows the current user  
        // only read access to a key, with no inheritance 
        // or propagation flags. SetAccessRule removes
        // all the existing rules that allow access for
        // the current user, replacing them with this
        // rule. Rules that deny access do not match,
        // and so are not affected.
        rule = new RegistryAccessRule(user, 
            RegistryRights.ReadKey, 
            AccessControlType.Allow);
        mSec.SetAccessRule(rule);

        // Display the rules in the security object.
        // removed.
        ShowSecurity(mSec);
    }

    private static void ShowSecurity(RegistrySecurity security)
    {
        Console.WriteLine("\r\nCurrent access rules:\r\n");

        foreach( RegistryAccessRule ar in 
            security.GetAccessRules(true, true, typeof(NTAccount)) )
        {
            Console.WriteLine("        User: {0}", ar.IdentityReference);
            Console.WriteLine("        Type: {0}", ar.AccessControlType);
            Console.WriteLine("      Rights: {0}", ar.RegistryRights);
            Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags);
            Console.WriteLine(" Propagation: {0}", ar.PropagationFlags);
            Console.WriteLine("   Inherited? {0}", ar.IsInherited);
            Console.WriteLine();
        }
    }
}

/* This code example produces output similar to following:

Current access rules:

        User: TestDomain\TestUser
        Type: Deny
      Rights: SetValue
 Inheritance: None
 Propagation: None
   Inherited? False

        User: TestDomain\TestUser
        Type: Allow
      Rights: SetValue, CreateSubKey, Delete, ReadKey
 Inheritance: ContainerInherit
 Propagation: None
   Inherited? False

        User: TestDomain\TestUser
        Type: Allow
      Rights: ChangePermissions
 Inheritance: ContainerInherit
 Propagation: NoPropagateInherit, InheritOnly
   Inherited? False


Current access rules:

        User: TestDomain\TestUser
        Type: Deny
      Rights: SetValue
 Inheritance: None
 Propagation: None
   Inherited? False

        User: TestDomain\TestUser
        Type: Allow
      Rights: ReadKey
 Inheritance: None
 Propagation: None
   Inherited? False
*/
Option Explicit
Imports System.Security.AccessControl
Imports System.Security.Principal
Imports System.Security
Imports Microsoft.Win32

Public Class Example

    Public Shared Sub Main()

        Dim user As String = Environment.UserDomainName _ 
            & "\" & Environment.UserName

        ' Create a security object that grants no access.
        Dim mSec As New RegistrySecurity()

        ' Add a rule that grants the current user the right
        ' to read and enumerate the name/value pairs in a key, 
        ' to read its access and audit rules, to enumerate
        ' its subkeys, to create subkeys, and to delete the key. 
        ' The rule is inherited by all contained subkeys.
        '
        Dim rule As New RegistryAccessRule(user, _
            RegistryRights.ReadKey Or RegistryRights.WriteKey _
                Or RegistryRights.Delete, _
            InheritanceFlags.ContainerInherit, _
            PropagationFlags.None, _
            AccessControlType.Allow)
        mSec.AddAccessRule(rule)

        ' Add a rule that allows the current user the right
        ' right to set the name/value pairs in a key. 
        ' This rule is inherited by contained subkeys, but
        ' propagation flags limit it to immediate child 
        ' subkeys.
        rule = New RegistryAccessRule(user, _
            RegistryRights.ChangePermissions, _
            InheritanceFlags.ContainerInherit, _
            PropagationFlags.InheritOnly Or PropagationFlags.NoPropagateInherit, _
            AccessControlType.Allow)
        mSec.AddAccessRule(rule)

        ' Add a rule that denies the current user the right
        ' to set the name/value pairs in a key. This rule
        ' has no inheritance or propagation flags, so it 
        ' affects only the key itself.
        rule = New RegistryAccessRule(user, _
            RegistryRights.SetValue, _
            AccessControlType.Deny)
        mSec.AddAccessRule(rule)

        ' Display the rules in the security object.
        ShowSecurity(mSec)

        ' Create a rule that allows the current user  
        ' only read access to a key, with no inheritance 
        ' or propagation flags. SetAccessRule removes
        ' all the existing rules that allow access for
        ' the current user, replacing them with this
        ' rule. Rules that deny access do not match,
        ' and so are not affected.
        rule = New RegistryAccessRule(user, _
            RegistryRights.ReadKey, _
            AccessControlType.Allow)
        mSec.SetAccessRule(rule)

        ' Display the rules in the security object.
        ShowSecurity(mSec)

    End Sub 

    Private Shared Sub ShowSecurity(ByVal security As RegistrySecurity)
        Console.WriteLine(vbCrLf & "Current access rules:" & vbCrLf)

        For Each ar As RegistryAccessRule In _
            security.GetAccessRules(True, True, GetType(NTAccount))

            Console.WriteLine("        User: {0}", ar.IdentityReference)
            Console.WriteLine("        Type: {0}", ar.AccessControlType)
            Console.WriteLine("      Rights: {0}", ar.RegistryRights)
            Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags)
            Console.WriteLine(" Propagation: {0}", ar.PropagationFlags)
            Console.WriteLine("   Inherited? {0}", ar.IsInherited)
            Console.WriteLine()
        Next

    End Sub
End Class 

'This code example produces output similar to following:
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Deny
'      Rights: SetValue
' Inheritance: None
' Propagation: None
'   Inherited? False
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: SetValue, CreateSubKey, Delete, ReadKey
' Inheritance: ContainerInherit
' Propagation: None
'   Inherited? False
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: ChangePermissions
' Inheritance: ContainerInherit
' Propagation: NoPropagateInherit, InheritOnly
'   Inherited? False
'
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Deny
'      Rights: SetValue
' Inheritance: None
' Propagation: None
'   Inherited? False
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: ReadKey
' Inheritance: None
' Propagation: None
'   Inherited? False

注釈

指定された規則Allowがの場合、このメソッドの効果は、 Allow指定されたユーザーのすべての規則を削除し、指定した規則に置き換えることです。If the specified rule has Allow, the effect of this method is to remove all Allow rules for the specified user, replacing them with the specified rule. 指定した規則にDenyが含まDenyれている場合は、指定したユーザーのすべての規則が指定した規則に置き換えられます。If the specified rule has Deny, all Deny rules for the specified user are replaced with the specified rule.

ユーザー AccessControlTypeが指定した規則に一致する規則が存在しruleない場合は、が追加されます。If there are no rules whose user and AccessControlType match the specified rule, rule is added.

適用対象