ActiveDirectorySecurity.SetAccessRule(ActiveDirectoryAccessRule) 方法
定义
在对象的 DACL 中搜索所有所包含的安全标识符 (SID) 与 rule 对象中指定的 SID 相匹配且访问控制类型(“允许”或“拒绝”)与 rule 对象中指定的类型相匹配的访问规则,并将所有这些访问规则替换为 rule 对象中包含的访问规则。Searches an object's DACL for all access rules that contain a security identifier (SID) that matches the SID specified in the rule object, and an access control type (Allow or Deny) that matches the type specified in the rule object, and replaces all of those access rules with the access rules that are contained in the rule object.
public:
void SetAccessRule(System::DirectoryServices::ActiveDirectoryAccessRule ^ rule);
public void SetAccessRule (System.DirectoryServices.ActiveDirectoryAccessRule rule);
override this.SetAccessRule : System.DirectoryServices.ActiveDirectoryAccessRule -> unit
Public Sub SetAccessRule (rule As ActiveDirectoryAccessRule)
参数
此操作应用于的 ActiveDirectoryAccessRule 对象。The ActiveDirectoryAccessRule object to which this operation applies.
注解
当 SetAccessRule 用于替换所有与特定 SID 和访问控制类型相匹配的访问规则 (在对象的 DACL 中允许或拒绝) 时,该 DACL 中的所有规则以及与该对象中包含的 sid 和访问控制类型相匹配的 sid 和类型 rule 都将被替换。When SetAccessRule is used to replace all access rules that match a particular SID and access control type (Allow or Deny) in an object's DACL, all rules in that DACL with an SID and type that match the SID and access control type contained in the rule object are replaced. 使用此方法,开发人员可以将该 SID 的任何允许规则替换为该对象,而不会影响现有的拒绝规则,或替换该对象上该 SID 的所有拒绝规则,而不会影响现有允许规则。Using this method, the developer can replace any Allow rules for that SID on that object without affecting existing Deny rules, or replace all Deny rules for that SID on that object without affecting existing Allow rules. 若要将该对象的所有规则替换为与指定的 SID 相关,而不考虑类型,请改用 ResetAccessRule 。To replace all rules for that object pertaining to the specified SID, regardless of type, use ResetAccessRule instead.