SemaphoreAccessRule 类

定义

表示一组允许或拒绝用户或组进行访问的权限。Represents a set of access rights allowed or denied for a user or group. 此类不能被继承。This class cannot be inherited.

public ref class SemaphoreAccessRule sealed : System::Security::AccessControl::AccessRule
[System.Runtime.InteropServices.ComVisible(false)]
[System.Security.SecurityCritical]
public sealed class SemaphoreAccessRule : System.Security.AccessControl.AccessRule
type SemaphoreAccessRule = class
    inherit AccessRule
Public NotInheritable Class SemaphoreAccessRule
Inherits AccessRule
继承
SemaphoreAccessRule
属性

示例

下面的代码示例演示规则和Allow Deny规则之间的分隔, 并显示兼容规则中的权限组合。The following code example demonstrates the separation between Allow rules and Deny rules, and shows the combination of rights in compatible rules. 该示例创建一个SemaphoreSecurity对象, 添加允许和拒绝当前用户的各种权限的规则, 并显示生成的规则对。The example creates a SemaphoreSecurity object, adds rules that allow and deny various rights for the current user, and displays the resulting pair of rules. 然后, 该示例允许当前用户具有新权限, 并显示结果, 并显示新权限与现有Allow规则合并。The example then allows new rights for the current user and displays the result, showing that the new rights are merged with the existing Allow rule.

备注

此示例不会将安全对象附加到Semaphore对象。This example does not attach the security object to a Semaphore object. 可在和Semaphore.GetAccessControl Semaphore.SetAccessControl中找到附加安全对象的示例。Examples that attach security objects can be found in Semaphore.GetAccessControl and Semaphore.SetAccessControl.

using System;
using System.Threading;
using System.Security.AccessControl;
using System.Security.Principal;

public class Example
{
    public static void Main()
    {
        // Create a string representing the current user.
        string user = Environment.UserDomainName + "\\" + 
            Environment.UserName;

        // Create a security object that grants no access.
        SemaphoreSecurity mSec = new SemaphoreSecurity();

        // Add a rule that grants the current user the 
        // right to enter or release the semaphore.
        SemaphoreAccessRule rule = new SemaphoreAccessRule(user, 
            SemaphoreRights.Synchronize | SemaphoreRights.Modify, 
            AccessControlType.Allow);
        mSec.AddAccessRule(rule);

        // Add a rule that denies the current user the 
        // right to change permissions on the semaphore.
        rule = new SemaphoreAccessRule(user, 
            SemaphoreRights.ChangePermissions, 
            AccessControlType.Deny);
        mSec.AddAccessRule(rule);

        // Display the rules in the security object.
        ShowSecurity(mSec);

        // Add a rule that allows the current user the 
        // right to read permissions on the semaphore. This rule
        // is merged with the existing Allow rule.
        rule = new SemaphoreAccessRule(user, 
            SemaphoreRights.ReadPermissions, 
            AccessControlType.Allow);
        mSec.AddAccessRule(rule);

        ShowSecurity(mSec);
    }

    private static void ShowSecurity(SemaphoreSecurity security)
    {
        Console.WriteLine("\r\nCurrent access rules:\r\n");

        foreach(SemaphoreAccessRule ar in 
            security.GetAccessRules(true, true, typeof(NTAccount)))
        {
            Console.WriteLine("        User: {0}", ar.IdentityReference);
            Console.WriteLine("        Type: {0}", ar.AccessControlType);
            Console.WriteLine("      Rights: {0}", ar.SemaphoreRights);
            Console.WriteLine();
        }
    }
}

/*This code example produces output similar to following:

Current access rules:

        User: TestDomain\TestUser
        Type: Deny
      Rights: ChangePermissions

        User: TestDomain\TestUser
        Type: Allow
      Rights: Modify, Synchronize


Current access rules:

        User: TestDomain\TestUser
        Type: Deny
      Rights: ChangePermissions

        User: TestDomain\TestUser
        Type: Allow
      Rights: Modify, ReadPermissions, Synchronize
 */
Imports System.Threading
Imports System.Security.AccessControl
Imports System.Security.Principal

Public Class Example

    Public Shared Sub Main()

        ' Create a string representing the current user.
        Dim user As String = Environment.UserDomainName _ 
            & "\" & Environment.UserName

        ' Create a security object that grants no access.
        Dim mSec As New SemaphoreSecurity()

        ' Add a rule that grants the current user the 
        ' right to enter or release the semaphore.
        Dim rule As New SemaphoreAccessRule(user, _
            SemaphoreRights.Synchronize _
            Or SemaphoreRights.Modify, _
            AccessControlType.Allow)
        mSec.AddAccessRule(rule)

        ' Add a rule that denies the current user the 
        ' right to change permissions on the semaphore.
        rule = New SemaphoreAccessRule(user, _
            SemaphoreRights.ChangePermissions, _
            AccessControlType.Deny)
        mSec.AddAccessRule(rule)

        ' Display the rules in the security object.
        ShowSecurity(mSec)

        ' Add a rule that allows the current user the 
        ' right to read permissions on the semaphore. This 
        ' rule is merged with the existing Allow rule.
        rule = New SemaphoreAccessRule(user, _
            SemaphoreRights.ReadPermissions, _
            AccessControlType.Allow)
        mSec.AddAccessRule(rule)

        ShowSecurity(mSec)

    End Sub 

    Private Shared Sub ShowSecurity(ByVal security As SemaphoreSecurity)
        Console.WriteLine(vbCrLf & "Current access rules:" & vbCrLf)

        For Each ar As SemaphoreAccessRule In _
            security.GetAccessRules(True, True, GetType(NTAccount))

            Console.WriteLine("        User: {0}", ar.IdentityReference)
            Console.WriteLine("        Type: {0}", ar.AccessControlType)
            Console.WriteLine("      Rights: {0}", ar.SemaphoreRights)
            Console.WriteLine()
        Next

    End Sub
End Class 

'This code example produces output similar to following:
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Deny
'      Rights: ChangePermissions
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: Modify, Synchronize
'
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Deny
'      Rights: ChangePermissions
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: Modify, ReadPermissions, Synchronize

注解

SemaphoreAccessRule类是 .NET Framework 为管理已命名的系统信号量上的 Windows 访问控制安全性提供的一组类中的一种。The SemaphoreAccessRule class is one of a set of classes that the .NET Framework provides for managing Windows access control security on named system semaphores. 有关这些类的概述及其与基础 Windows 访问控制结构的关系, 请参阅SemaphoreSecurityFor an overview of these classes, and their relationship to the underlying Windows access control structures, see SemaphoreSecurity.

备注

Windows 访问控制安全性仅适用于已命名的系统信号量。Windows access control security is meaningful only for named system semaphores. Semaphore如果对象表示本地信号量, 则访问控制是不相关的。If a Semaphore object represents a local semaphore, access control is irrelevant.

若要获取当前应用于命名信号量的规则列表, 请Semaphore.GetAccessControl使用方法SemaphoreSecurity获取对象, 然后使用其GetAccessRules方法获取对象的SemaphoreAccessRule集合。To get a list of the rules currently applied to a named semaphore, use the Semaphore.GetAccessControl method to get a SemaphoreSecurity object, then use its GetAccessRules method to obtain a collection of SemaphoreAccessRule objects.

SemaphoreAccessRule对象不会使用基础自由访问控制列表 (DACL) 中的访问控制项来一对一映射。SemaphoreAccessRule objects do not map one-to-one with access control entries in the underlying discretionary access control list (DACL). 获取用于某个信号量的所有访问规则集时, 该集包含表示所有访问控制项所需的最小规则数。When you get the set of all access rules for a semaphore, the set contains the minimum number of rules currently required to express all the access control entries.

备注

在应用和删除规则时, 基础访问控制项会更改。The underlying access control entries change as you apply and remove rules. 如果可能, 将合并规则中的信息以保持最小数量的访问控制项。The information in rules is merged if possible, to maintain the smallest number of access control entries. 因此, 当您阅读当前的规则列表时, 它可能看起来与您添加的所有规则的列表并不完全相同。Thus, when you read the current list of rules, it might not look exactly like the list of all the rules you have added.

使用SemaphoreAccessRule对象指定对用户或组允许或拒绝的访问权限。Use SemaphoreAccessRule objects to specify access rights to allow or deny to a user or group. SemaphoreAccessRule对象始终表示允许的访问权限或拒绝访问, 这两种方法都不会。A SemaphoreAccessRule object always represents either allowed access or denied access, never both.

若要将规则应用于已命名的系统信号量Semaphore.GetAccessControl , 请使用方法SemaphoreSecurity来获取对象。To apply a rule to a named system semaphore, use the Semaphore.GetAccessControl method to get the SemaphoreSecurity object. 通过使用Semaphore.SetAccessControl对象的方法添加规则来修改对象, 然后使用方法重新附加安全对象。 SemaphoreSecurityModify the SemaphoreSecurity object by using its methods to add the rule, and then use the Semaphore.SetAccessControl method to reattach the security object.

重要

对对象所做的更改不会影响已命名的信号量的访问级别, 直到Semaphore.SetAccessControl调用方法将已更改的安全对象分配给已命名的信号量。 SemaphoreSecurityChanges you make to a SemaphoreSecurity object do not affect the access levels of the named semaphore until you call the Semaphore.SetAccessControl method to assign the altered security object to the named semaphore.

SemaphoreAccessRule对象是不可变的。SemaphoreAccessRule objects are immutable. 使用SemaphoreSecurity类的方法来修改信号量的安全性, 以添加或删除规则; 执行此操作时, 将修改基础访问控制项。Security for a semaphore is modified using the methods of the SemaphoreSecurity class to add or remove rules; as you do this, the underlying access control entries are modified.

备注

Windows 98 或 Windows Millennium Edition 不支持同步对象的安全性。Security on synchronization objects is not supported for Windows 98 or Windows Millennium Edition.

构造函数

SemaphoreAccessRule(IdentityReference, SemaphoreRights, AccessControlType)

初始化 SemaphoreAccessRule 类的新实例,指定此规则应用到的用户或组、访问权限以及是否允许或拒绝指定的访问权限。Initializes a new instance of the SemaphoreAccessRule class, specifying the user or group the rule applies to, the access rights, and whether the specified access rights are allowed or denied.

SemaphoreAccessRule(String, SemaphoreRights, AccessControlType)

初始化 SemaphoreAccessRule 类的新实例,指定应用此规则的用户或组的名称、访问权限以及是否允许或拒绝指定的访问权限。Initializes a new instance of the SemaphoreAccessRule class, specifying the name of the user or group the rule applies to, the access rights, and whether the specified access rights are allowed or denied.

属性

AccessControlType

获取与此 AccessControlType 对象关联的 AccessRule 对象。Gets the AccessControlType value associated with this AccessRule object.

(继承自 AccessRule)
AccessMask

获取此规则的访问掩码。Gets the access mask for this rule.

(继承自 AuthorizationRule)
IdentityReference

获取对其应用此规则的 IdentityReferenceGets the IdentityReference to which this rule applies.

(继承自 AuthorizationRule)
InheritanceFlags

获取用于确定子对象如何继承此规则的标志的值。Gets the value of flags that determine how this rule is inherited by child objects.

(继承自 AuthorizationRule)
IsInherited

获取一个值,该值指示此规则是否为显式设置或继承自父级容器对象。Gets a value indicating whether this rule is explicitly set or is inherited from a parent container object.

(继承自 AuthorizationRule)
PropagationFlags

获取传播标志的值,该值确定如何将此规则的继承传播到子对象。Gets the value of the propagation flags, which determine how inheritance of this rule is propagated to child objects. 仅当 InheritanceFlags 枚举的值不为 None 时,此属性才有意义。This property is significant only when the value of the InheritanceFlags enumeration is not None.

(继承自 AuthorizationRule)
SemaphoreRights

获取访问规则允许或拒绝的权限。Gets the rights allowed or denied by the access rule.

方法

Equals(Object)

确定指定的对象是否等于当前对象。Determines whether the specified object is equal to the current object.

(继承自 Object)
GetHashCode()

用作默认哈希函数。Serves as the default hash function.

(继承自 Object)
GetType()

获取当前实例的 TypeGets the Type of the current instance.

(继承自 Object)
MemberwiseClone()

创建当前 Object 的浅表副本。Creates a shallow copy of the current Object.

(继承自 Object)
ToString()

返回一个表示当前对象的 string。Returns a string that represents the current object.

(继承自 Object)

适用于

另请参阅