SemaphoreSecurity.SetAccessRule(SemaphoreAccessRule) 方法
定义
移除与指定的规则具有相同用户和 AccessControlType(允许或拒绝)的所有控制规则,然后添加指定的规则。Removes all access control rules with the same user and AccessControlType (allow or deny) as the specified rule, and then adds the specified rule.
public:
void SetAccessRule(System::Security::AccessControl::SemaphoreAccessRule ^ rule);
public void SetAccessRule (System.Security.AccessControl.SemaphoreAccessRule rule);
override this.SetAccessRule : System.Security.AccessControl.SemaphoreAccessRule -> unit
Public Sub SetAccessRule (rule As SemaphoreAccessRule)
参数
- rule
- SemaphoreAccessRule
要添加的 SemaphoreAccessRule。The SemaphoreAccessRule to add. 由此规则的用户和 AccessControlType 确定在添加此规则之前要移除的规则。The user and AccessControlType of this rule determine the rules to remove before this rule is added.
例外
rule 为 null。rule is null.
示例
下面的代码示例演示如何 SetAccessRule 删除与的用户和的所有匹配的规则,并 AccessControlType 将 rule 其替换为 rule 。The following code example shows how the SetAccessRule method removes all rules that match both the user and the AccessControlType of rule, replacing them with rule.
该示例创建一个 SemaphoreSecurity 对象并添加允许和拒绝当前用户的各种权限的规则。The example creates a SemaphoreSecurity object and adds rules that allow and deny various rights for the current user. 然后,该示例创建一个允许当前用户 "完全控制" 的新规则,并使用该 SetAccessRule 方法将现有允许规则替换为新规则。The example then creates a new rule that allows the current user full control, and uses the SetAccessRule method to replace the existing Allow rule with the new rule. 拒绝访问的规则不受影响。The rule that denies access is not affected.
备注
此示例不会将安全对象附加到 Semaphore 对象。This example does not attach the security object to a Semaphore object. 可在和中找到附加安全对象的 Semaphore.GetAccessControl 示例 Semaphore.SetAccessControl 。Examples that attach security objects can be found in Semaphore.GetAccessControl and Semaphore.SetAccessControl.
using System;
using System.Threading;
using System.Security.AccessControl;
using System.Security.Principal;
public class Example
{
public static void Main()
{
// Create a string representing the current user.
string user = Environment.UserDomainName + "\\" +
Environment.UserName;
// Create a security object that grants no access.
SemaphoreSecurity mSec = new SemaphoreSecurity();
// Add a rule that grants the current user the
// right to enter or release the semaphore and read the
// permissions on the semaphore.
SemaphoreAccessRule rule = new SemaphoreAccessRule(user,
SemaphoreRights.Synchronize | SemaphoreRights.Modify
| SemaphoreRights.ReadPermissions,
AccessControlType.Allow);
mSec.AddAccessRule(rule);
// Add a rule that denies the current user the
// right to change permissions on the semaphore.
rule = new SemaphoreAccessRule(user,
SemaphoreRights.ChangePermissions,
AccessControlType.Deny);
mSec.AddAccessRule(rule);
// Display the rules in the security object.
ShowSecurity(mSec);
// Create a rule that grants the current user
// the full control over the semaphore. Use the
// SetAccessRule method to replace the
// existing Allow rule with the new rule.
rule = new SemaphoreAccessRule(user,
SemaphoreRights.FullControl,
AccessControlType.Allow);
mSec.SetAccessRule(rule);
ShowSecurity(mSec);
}
private static void ShowSecurity(SemaphoreSecurity security)
{
Console.WriteLine("\r\nCurrent access rules:\r\n");
foreach(SemaphoreAccessRule ar in
security.GetAccessRules(true, true, typeof(NTAccount)))
{
Console.WriteLine(" User: {0}", ar.IdentityReference);
Console.WriteLine(" Type: {0}", ar.AccessControlType);
Console.WriteLine(" Rights: {0}", ar.SemaphoreRights);
Console.WriteLine();
}
}
}
/*This code example produces output similar to following:
Current access rules:
User: TestDomain\TestUser
Type: Deny
Rights: ChangePermissions
User: TestDomain\TestUser
Type: Allow
Rights: Modify, ReadPermissions, Synchronize
Current access rules:
User: TestDomain\TestUser
Type: Deny
Rights: ChangePermissions
User: TestDomain\TestUser
Type: Allow
Rights: FullControl
*/
Imports System.Threading
Imports System.Security.AccessControl
Imports System.Security.Principal
Public Class Example
Public Shared Sub Main()
' Create a string representing the current user.
Dim user As String = Environment.UserDomainName _
& "\" & Environment.UserName
' Create a security object that grants no access.
Dim mSec As New SemaphoreSecurity()
' Add a rule that grants the current user the
' right to enter or release the semaphore, and to
' read its permissions.
Dim rule As New SemaphoreAccessRule(user, _
SemaphoreRights.Synchronize _
Or SemaphoreRights.Modify _
Or SemaphoreRights.ReadPermissions, _
AccessControlType.Allow)
mSec.AddAccessRule(rule)
' Add a rule that denies the current user the
' right to change permissions on the semaphore.
rule = New SemaphoreAccessRule(user, _
SemaphoreRights.ChangePermissions, _
AccessControlType.Deny)
mSec.AddAccessRule(rule)
' Display the rules in the security object.
ShowSecurity(mSec)
' Create a rule that grants the current user
' the full control over the semaphore. Use the
' SetAccessRule method to replace the
' the existing Allow rule with the new rule.
rule = New SemaphoreAccessRule(user, _
SemaphoreRights.FullControl, _
AccessControlType.Allow)
mSec.SetAccessRule(rule)
ShowSecurity(mSec)
End Sub
Private Shared Sub ShowSecurity(ByVal security As SemaphoreSecurity)
Console.WriteLine(vbCrLf & "Current access rules:" & vbCrLf)
For Each ar As SemaphoreAccessRule In _
security.GetAccessRules(True, True, GetType(NTAccount))
Console.WriteLine(" User: {0}", ar.IdentityReference)
Console.WriteLine(" Type: {0}", ar.AccessControlType)
Console.WriteLine(" Rights: {0}", ar.SemaphoreRights)
Console.WriteLine()
Next
End Sub
End Class
'This code example produces output similar to following:
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Deny
' Rights: ChangePermissions
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: Modify, ReadPermissions, Synchronize
'
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Deny
' Rights: ChangePermissions
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: FullControl
注解
如果指定的规则具有 Allow ,则此方法的作用是移除 Allow 指定用户的所有规则,并将其替换为指定的规则。If the specified rule has Allow, the effect of this method is to remove all Allow rules for the specified user, replacing them with the specified rule. 如果指定的规则具有 Deny , Deny 则指定用户的所有规则都将替换为指定的规则。If the specified rule has Deny, all Deny rules for the specified user are replaced with the specified rule.
如果没有规则的用户和 AccessControlType 匹配指定的规则, rule 则添加。If there are no rules whose user and AccessControlType match the specified rule, rule is added.