ObjectSecurity.SetSecurityDescriptorSddlForm Method
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Sets the security descriptor for this ObjectSecurity object from the specified Security Descriptor Definition Language (SDDL) string.
Overloads
SetSecurityDescriptorSddlForm(String) |
Sets the security descriptor for this ObjectSecurity object from the specified Security Descriptor Definition Language (SDDL) string. |
SetSecurityDescriptorSddlForm(String, AccessControlSections) |
Sets the specified sections of the security descriptor for this ObjectSecurity object from the specified Security Descriptor Definition Language (SDDL) string. |
Remarks
If the security descriptor represented by the SDDL string contains null
for its discretionary access control list (DACL), a single access control entry (ACE) that allows everyone full access (AEFA) is added to the DACL. If an application modifies the DACL of a security descriptor to which an AEFA ACE has been added, the AEFA ACE is persisted with the DACL when that DACL is persisted.
This can result in an application unintentionally allowing access to principals. Because of this, an application should check for the existence of an AEFA ACE and remove it before modifying any security descriptor.
SetSecurityDescriptorSddlForm(String)
Sets the security descriptor for this ObjectSecurity object from the specified Security Descriptor Definition Language (SDDL) string.
public:
void SetSecurityDescriptorSddlForm(System::String ^ sddlForm);
public void SetSecurityDescriptorSddlForm (string sddlForm);
member this.SetSecurityDescriptorSddlForm : string -> unit
Public Sub SetSecurityDescriptorSddlForm (sddlForm As String)
Parameters
- sddlForm
- String
The SDDL string from which to set the security descriptor.
Remarks
If the security descriptor represented by the SDDL string contains null
for its discretionary access control list (DACL), a single access control entry (ACE) that allows everyone full access (AEFA) is added to the DACL. If an application modifies the DACL of a security descriptor to which an AEFA ACE has been added, the AEFA ACE is persisted with the DACL when that DACL is persisted.
This can result in an application unintentionally allowing access to principals. Because of this, an application should check for the existence of an AEFA ACE and remove it before modifying any security descriptor.
Applies to
SetSecurityDescriptorSddlForm(String, AccessControlSections)
Sets the specified sections of the security descriptor for this ObjectSecurity object from the specified Security Descriptor Definition Language (SDDL) string.
public:
void SetSecurityDescriptorSddlForm(System::String ^ sddlForm, System::Security::AccessControl::AccessControlSections includeSections);
public void SetSecurityDescriptorSddlForm (string sddlForm, System.Security.AccessControl.AccessControlSections includeSections);
member this.SetSecurityDescriptorSddlForm : string * System.Security.AccessControl.AccessControlSections -> unit
Public Sub SetSecurityDescriptorSddlForm (sddlForm As String, includeSections As AccessControlSections)
Parameters
- sddlForm
- String
The SDDL string from which to set the security descriptor.
- includeSections
- AccessControlSections
The sections (access rules, audit rules, owner, primary group) of the security descriptor to set.
Remarks
If the security descriptor represented by the SDDL string contains null
for its discretionary access control list (DACL), a single access control entry (ACE) that allows everyone full access (AEFA) is added to the DACL. If an application modifies the DACL of a security descriptor to which an AEFA ACE has been added, the AEFA ACE is persisted with the DACL when that DACL is persisted.
This can result in an application unintentionally allowing access to principals. Because of this, an application should check for the existence of an AEFA ACE and remove it before modifying any security descriptor.
Applies to
.NET
피드백
https://aka.ms/ContentUserFeedback
출시 예정: 2024년 내내 콘텐츠에 대한 피드백 메커니즘으로 GitHub 문제를 단계적으로 폐지하고 이를 새로운 피드백 시스템으로 바꿀 예정입니다. 자세한 내용은 다음을 참조하세요.다음에 대한 사용자 의견 제출 및 보기