EventWaitHandleSecurity.RemoveAccessRuleSpecific 메서드
정의
중요
일부 정보는 릴리스되기 전에 상당 부분 수정될 수 있는 시험판 제품과 관련이 있습니다. Microsoft는 여기에 제공된 정보에 대해 어떠한 명시적이거나 묵시적인 보증도 하지 않습니다.
지정한 규칙과 정확히 일치하는 액세스 제어 규칙을 검색하여 제거합니다.
public:
void RemoveAccessRuleSpecific(System::Security::AccessControl::EventWaitHandleAccessRule ^ rule);public void RemoveAccessRuleSpecific (System.Security.AccessControl.EventWaitHandleAccessRule rule);override this.RemoveAccessRuleSpecific : System.Security.AccessControl.EventWaitHandleAccessRule -> unitPublic Sub RemoveAccessRuleSpecific (rule As EventWaitHandleAccessRule)매개 변수
제거할 EventWaitHandleAccessRule입니다.
예외
rule이(가) null인 경우
예제
다음 코드 예제에서는 메서드가 RemoveAccessRuleSpecific 규칙을 제거하기 위해 정확히 일치해야 하며 권한을 허용하고 거부하는 규칙은 서로 독립적임을 보여 줍니다.
이 예제에서는 개체를 EventWaitHandleSecurity 만들고 현재 사용자에 대한 다양한 권한을 허용 및 거부하는 규칙을 추가한 다음 액세스 규칙에 추가 권한을 Allow 병합합니다. 그런 다음, 원래 Allow 규칙을 메서드에 RemoveAccessRuleSpecific 전달하고 결과를 표시하여 아무 것도 삭제되지 않음을 보여 줍니다. 그런 다음 개체의 규칙과 일치하는 Allow 규칙을 EventWaitHandleSecurity 생성하고 메서드를 RemoveAccessRuleSpecific 사용하여 규칙을 제거합니다.
참고
이 예제에서는 보안 개체를 개체에 EventWaitHandle 연결하지 않습니다. 보안 개체를 연결하는 예제는 다음에서 EventWaitHandle.GetAccessControl EventWaitHandle.SetAccessControl찾을 수 있습니다.
using System;
using System.Threading;
using System.Security.AccessControl;
using System.Security.Principal;
public class Example
{
public static void Main()
{
// Create a string representing the current user.
string user = Environment.UserDomainName + "\\" +
Environment.UserName;
// Create a security object that grants no access.
EventWaitHandleSecurity mSec = new EventWaitHandleSecurity();
// Add a rule that grants the current user the
// right to wait on or signal the event.
EventWaitHandleAccessRule ruleA = new EventWaitHandleAccessRule(user,
EventWaitHandleRights.Synchronize | EventWaitHandleRights.Modify,
AccessControlType.Allow);
mSec.AddAccessRule(ruleA);
// Add a rule that denies the current user the
// right to change permissions on the event.
EventWaitHandleAccessRule rule = new EventWaitHandleAccessRule(user,
EventWaitHandleRights.ChangePermissions,
AccessControlType.Deny);
mSec.AddAccessRule(rule);
// Display the rules in the security object.
ShowSecurity(mSec);
// Add a rule that allows the current user the
// right to read permissions on the event. This rule
// is merged with the existing Allow rule.
rule = new EventWaitHandleAccessRule(user,
EventWaitHandleRights.ReadPermissions,
AccessControlType.Allow);
mSec.AddAccessRule(rule);
ShowSecurity(mSec);
// Attempt to remove the original rule (granting
// the right to wait on or signal the event) with
// RemoveAccessRuleSpecific. The removal fails,
// because the right to read the permissions on the
// event has been added to the rule, so that it no
// longer matches the original rule.
Console.WriteLine("Attempt to use RemoveAccessRuleSpecific on the original rule.");
mSec.RemoveAccessRuleSpecific(ruleA);
ShowSecurity(mSec);
// Create a rule that grants the current user
// the right to wait on or signal the event, and
// to read permissions. Use this rule to remove
// the Allow rule for the current user.
Console.WriteLine("Use RemoveAccessRuleSpecific with the correct rights.");
rule = new EventWaitHandleAccessRule(user,
EventWaitHandleRights.Synchronize | EventWaitHandleRights.Modify |
EventWaitHandleRights.ReadPermissions,
AccessControlType.Allow);
mSec.RemoveAccessRuleSpecific(rule);
ShowSecurity(mSec);
}
private static void ShowSecurity(EventWaitHandleSecurity security)
{
Console.WriteLine("\r\nCurrent access rules:\r\n");
foreach(EventWaitHandleAccessRule ar in
security.GetAccessRules(true, true, typeof(NTAccount)))
{
Console.WriteLine(" User: {0}", ar.IdentityReference);
Console.WriteLine(" Type: {0}", ar.AccessControlType);
Console.WriteLine(" Rights: {0}", ar.EventWaitHandleRights);
Console.WriteLine();
}
}
}
/*This code example produces output similar to following:
Current access rules:
User: TestDomain\TestUser
Type: Deny
Rights: ChangePermissions
User: TestDomain\TestUser
Type: Allow
Rights: Modify, Synchronize
Current access rules:
User: TestDomain\TestUser
Type: Deny
Rights: ChangePermissions
User: TestDomain\TestUser
Type: Allow
Rights: Modify, ReadPermissions, Synchronize
Attempt to use RemoveAccessRuleSpecific on the original rule.
Current access rules:
User: TestDomain\TestUser
Type: Deny
Rights: ChangePermissions
User: TestDomain\TestUser
Type: Allow
Rights: Modify, ReadPermissions, Synchronize
Use RemoveAccessRuleSpecific with the correct rights.
Current access rules:
User: TestDomain\TestUser
Type: Deny
Rights: ChangePermissions
*/
Imports System.Threading
Imports System.Security.AccessControl
Imports System.Security.Principal
Public Class Example
Public Shared Sub Main()
' Create a string representing the current user.
Dim user As String = Environment.UserDomainName _
& "\" & Environment.UserName
' Create a security object that grants no access.
Dim mSec As New EventWaitHandleSecurity()
' Add a rule that grants the current user the
' right to wait on or signal the event.
Dim ruleA As New EventWaitHandleAccessRule(user, _
EventWaitHandleRights.Synchronize _
Or EventWaitHandleRights.Modify, _
AccessControlType.Allow)
mSec.AddAccessRule(ruleA)
' Add a rule that denies the current user the
' right to change permissions on the event.
Dim rule As New EventWaitHandleAccessRule(user, _
EventWaitHandleRights.ChangePermissions, _
AccessControlType.Deny)
mSec.AddAccessRule(rule)
' Display the rules in the security object.
ShowSecurity(mSec)
' Add a rule that allows the current user the
' right to read permissions on the event. This rule
' is merged with the existing Allow rule.
rule = New EventWaitHandleAccessRule(user, _
EventWaitHandleRights.ReadPermissions, _
AccessControlType.Allow)
mSec.AddAccessRule(rule)
ShowSecurity(mSec)
' Attempt to remove the original rule (granting
' the right to wait on or signal the event) with
' RemoveAccessRuleSpecific. The removal fails,
' because the right to read the permissions on the
' event has been added to the rule, so that it no
' longer matches the original rule.
Console.WriteLine("Attempt to use RemoveAccessRuleSpecific on the original rule.")
mSec.RemoveAccessRuleSpecific(ruleA)
ShowSecurity(mSec)
' Create a rule that grants the current user
' the right to wait on or signal the event, and
' to read permissions. Use this rule to remove
' the Allow rule for the current user.
Console.WriteLine("Use RemoveAccessRuleSpecific with the correct rights.")
rule = New EventWaitHandleAccessRule(user, _
EventWaitHandleRights.Synchronize _
Or EventWaitHandleRights.Modify _
Or EventWaitHandleRights.ReadPermissions, _
AccessControlType.Allow)
mSec.RemoveAccessRuleSpecific(rule)
ShowSecurity(mSec)
End Sub
Private Shared Sub ShowSecurity(ByVal security As EventWaitHandleSecurity)
Console.WriteLine(vbCrLf & "Current access rules:" & vbCrLf)
For Each ar As EventWaitHandleAccessRule In _
security.GetAccessRules(True, True, GetType(NTAccount))
Console.WriteLine(" User: {0}", ar.IdentityReference)
Console.WriteLine(" Type: {0}", ar.AccessControlType)
Console.WriteLine(" Rights: {0}", ar.EventWaitHandleRights)
Console.WriteLine()
Next
End Sub
End Class
'This code example produces output similar to following:
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Deny
' Rights: ChangePermissions
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: Modify, Synchronize
'
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Deny
' Rights: ChangePermissions
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: Modify, ReadPermissions, Synchronize
'
'Attempt to use RemoveAccessRuleSpecific on the original rule.
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Deny
' Rights: ChangePermissions
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: Modify, ReadPermissions, Synchronize
'
'Use RemoveAccessRuleSpecific with the correct rights.
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Deny
' Rights: ChangePermissions
설명
규칙은 플래그를 포함하여 모든 세부 정보에서 정확히 일치하는 rule 경우에만 제거됩니다. 동일한 사용자를 AccessControlType 가진 다른 규칙은 영향을 받지 않습니다.
중요
규칙은 하나 이상의 기본 ACE(액세스 제어 항목)를 나타내며, 이러한 항목은 사용자의 액세스 보안 규칙을 수정할 때 필요에 따라 분할되거나 결합됩니다. 따라서 규칙이 추가되었을 때의 특정 형식에 더 이상 존재하지 않을 수 있으며, 이 경우 메서드가 RemoveAccessRuleSpecific 제거할 수 없습니다.