RegistrySecurity.SetAccessRule(RegistryAccessRule) 메서드

정의

네임스페이스:

System.Security.AccessControl

어셈블리:

Microsoft.Win32.Registry.dll

패키지:

Microsoft.Win32.Registry v5.0.0

지정된 규칙과 사용자 및 AccessControlType(허용 또는 거부)이 같은 모든 액세스 제어 규칙을 제거한 다음 지정한 규칙을 추가합니다.

public:
 void SetAccessRule(System::Security::AccessControl::RegistryAccessRule ^ rule);

public void SetAccessRule (System.Security.AccessControl.RegistryAccessRule rule);

override this.SetAccessRule : System.Security.AccessControl.RegistryAccessRule -> unit

Public Sub SetAccessRule (rule As RegistryAccessRule)

매개 변수

rule

RegistryAccessRule

추가할 RegistryAccessRule입니다. 이 규칙의 사용자 및 AccessControlType은 이 규칙이 추가되기 전에 제거할 규칙을 결정합니다.

예외

ArgumentNullException

rule이(가) null인 경우

예제

다음 코드 예제에서는 SetAccessRule 메서드는 사용자와 AccessControlTyperule의 모두 일치 하는 모든 규칙을 제거 하 고 권한 및 플래그를 무시 하 고 대체 합니다 rule.

이 예제에서는 개체를 RegistrySecurity 만들고 다른 상속 및 전파 플래그를 사용하여 현재 사용자에 대한 다양한 권한을 허용하고 거부하는 규칙을 추가합니다. 그런 다음 현재 사용자가 키를 읽을 수 있도록 하는 새 규칙을 만들고 메서드를 사용하여 SetAccessRule 액세스를 허용하고 새 규칙으로 바꾸는 두 규칙을 제거합니다. 액세스를 거부하는 규칙은 영향을 받지 않습니다.

참고

이 예제에서는 보안 개체를 개체에 RegistryKey 연결하지 않습니다. RegistryKey.GetAccessControl 메서드 및 메서드를 RegistryKey.SetAccessControl 참조하세요.

using System;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Security;
using Microsoft.Win32;

public class Example
{
    public static void Main()
    {
        string user = Environment.UserDomainName + "\\"
            + Environment.UserName;

        // Create a security object that grants no access.
        RegistrySecurity mSec = new RegistrySecurity();

        // Add a rule that grants the current user the right
        // to read and enumerate the name/value pairs in a key, 
        // to read its access and audit rules, to enumerate
        // its subkeys, to create subkeys, and to delete the key. 
        // The rule is inherited by all contained subkeys.
        //
        RegistryAccessRule rule = new RegistryAccessRule(user, 
            RegistryRights.ReadKey | RegistryRights.WriteKey
                | RegistryRights.Delete, 
            InheritanceFlags.ContainerInherit, 
            PropagationFlags.None, 
            AccessControlType.Allow);
        mSec.AddAccessRule(rule);

        // Add a rule that allows the current user the right
        // right to set the name/value pairs in a key. 
        // This rule is inherited by contained subkeys, but
        // propagation flags limit it to immediate child 
        // subkeys.
        rule = new RegistryAccessRule(user, 
            RegistryRights.ChangePermissions,
            InheritanceFlags.ContainerInherit,
            PropagationFlags.InheritOnly | PropagationFlags.NoPropagateInherit, 
            AccessControlType.Allow);
        mSec.AddAccessRule(rule);

        // Add a rule that denies the current user the right
        // to set the name/value pairs in a key. This rule
        // has no inheritance or propagation flags, so it 
        // affects only the key itself.
        rule = new RegistryAccessRule(user,
            RegistryRights.SetValue,
            AccessControlType.Deny);
        mSec.AddAccessRule(rule);

        // Display the rules in the security object.
        ShowSecurity(mSec);

        // Create a rule that allows the current user  
        // only read access to a key, with no inheritance 
        // or propagation flags. SetAccessRule removes
        // all the existing rules that allow access for
        // the current user, replacing them with this
        // rule. Rules that deny access do not match,
        // and so are not affected.
        rule = new RegistryAccessRule(user, 
            RegistryRights.ReadKey, 
            AccessControlType.Allow);
        mSec.SetAccessRule(rule);

        // Display the rules in the security object.
        // removed.
        ShowSecurity(mSec);
    }

    private static void ShowSecurity(RegistrySecurity security)
    {
        Console.WriteLine("\r\nCurrent access rules:\r\n");

        foreach( RegistryAccessRule ar in 
            security.GetAccessRules(true, true, typeof(NTAccount)) )
        {
            Console.WriteLine("        User: {0}", ar.IdentityReference);
            Console.WriteLine("        Type: {0}", ar.AccessControlType);
            Console.WriteLine("      Rights: {0}", ar.RegistryRights);
            Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags);
            Console.WriteLine(" Propagation: {0}", ar.PropagationFlags);
            Console.WriteLine("   Inherited? {0}", ar.IsInherited);
            Console.WriteLine();
        }
    }
}

/* This code example produces output similar to following:

Current access rules:

        User: TestDomain\TestUser
        Type: Deny
      Rights: SetValue
 Inheritance: None
 Propagation: None
   Inherited? False

        User: TestDomain\TestUser
        Type: Allow
      Rights: SetValue, CreateSubKey, Delete, ReadKey
 Inheritance: ContainerInherit
 Propagation: None
   Inherited? False

        User: TestDomain\TestUser
        Type: Allow
      Rights: ChangePermissions
 Inheritance: ContainerInherit
 Propagation: NoPropagateInherit, InheritOnly
   Inherited? False


Current access rules:

        User: TestDomain\TestUser
        Type: Deny
      Rights: SetValue
 Inheritance: None
 Propagation: None
   Inherited? False

        User: TestDomain\TestUser
        Type: Allow
      Rights: ReadKey
 Inheritance: None
 Propagation: None
   Inherited? False
*/

Option Explicit
Imports System.Security.AccessControl
Imports System.Security.Principal
Imports System.Security
Imports Microsoft.Win32

Public Class Example

    Public Shared Sub Main()

        Dim user As String = Environment.UserDomainName _ 
            & "\" & Environment.UserName

        ' Create a security object that grants no access.
        Dim mSec As New RegistrySecurity()

        ' Add a rule that grants the current user the right
        ' to read and enumerate the name/value pairs in a key, 
        ' to read its access and audit rules, to enumerate
        ' its subkeys, to create subkeys, and to delete the key. 
        ' The rule is inherited by all contained subkeys.
        '
        Dim rule As New RegistryAccessRule(user, _
            RegistryRights.ReadKey Or RegistryRights.WriteKey _
                Or RegistryRights.Delete, _
            InheritanceFlags.ContainerInherit, _
            PropagationFlags.None, _
            AccessControlType.Allow)
        mSec.AddAccessRule(rule)

        ' Add a rule that allows the current user the right
        ' right to set the name/value pairs in a key. 
        ' This rule is inherited by contained subkeys, but
        ' propagation flags limit it to immediate child 
        ' subkeys.
        rule = New RegistryAccessRule(user, _
            RegistryRights.ChangePermissions, _
            InheritanceFlags.ContainerInherit, _
            PropagationFlags.InheritOnly Or PropagationFlags.NoPropagateInherit, _
            AccessControlType.Allow)
        mSec.AddAccessRule(rule)

        ' Add a rule that denies the current user the right
        ' to set the name/value pairs in a key. This rule
        ' has no inheritance or propagation flags, so it 
        ' affects only the key itself.
        rule = New RegistryAccessRule(user, _
            RegistryRights.SetValue, _
            AccessControlType.Deny)
        mSec.AddAccessRule(rule)

        ' Display the rules in the security object.
        ShowSecurity(mSec)

        ' Create a rule that allows the current user  
        ' only read access to a key, with no inheritance 
        ' or propagation flags. SetAccessRule removes
        ' all the existing rules that allow access for
        ' the current user, replacing them with this
        ' rule. Rules that deny access do not match,
        ' and so are not affected.
        rule = New RegistryAccessRule(user, _
            RegistryRights.ReadKey, _
            AccessControlType.Allow)
        mSec.SetAccessRule(rule)

        ' Display the rules in the security object.
        ShowSecurity(mSec)

    End Sub 

    Private Shared Sub ShowSecurity(ByVal security As RegistrySecurity)
        Console.WriteLine(vbCrLf & "Current access rules:" & vbCrLf)

        For Each ar As RegistryAccessRule In _
            security.GetAccessRules(True, True, GetType(NTAccount))

            Console.WriteLine("        User: {0}", ar.IdentityReference)
            Console.WriteLine("        Type: {0}", ar.AccessControlType)
            Console.WriteLine("      Rights: {0}", ar.RegistryRights)
            Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags)
            Console.WriteLine(" Propagation: {0}", ar.PropagationFlags)
            Console.WriteLine("   Inherited? {0}", ar.IsInherited)
            Console.WriteLine()
        Next

    End Sub
End Class 

'This code example produces output similar to following:
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Deny
'      Rights: SetValue
' Inheritance: None
' Propagation: None
'   Inherited? False
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: SetValue, CreateSubKey, Delete, ReadKey
' Inheritance: ContainerInherit
' Propagation: None
'   Inherited? False
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: ChangePermissions
' Inheritance: ContainerInherit
' Propagation: NoPropagateInherit, InheritOnly
'   Inherited? False
'
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Deny
'      Rights: SetValue
' Inheritance: None
' Propagation: None
'   Inherited? False
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: ReadKey
' Inheritance: None
' Propagation: None
'   Inherited? False

설명

지정된 규칙에 가 Allow있는 경우 이 메서드의 효과는 지정된 사용자에 대한 모든 Allow 규칙을 제거하고 지정된 규칙으로 바꾸는 것입니다. 지정된 규칙에 가 있는 Deny경우 지정된 사용자에 대한 모든 Deny 규칙이 지정된 규칙으로 대체됩니다.

사용자 및 가 지정된 규칙과 AccessControlType 일치하는 규칙이 rule 없으면 가 추가됩니다.