System.Security.AccessControl Namespace

System.Security.AccessControl 命名空间提供的编程元素用来控制对可保护对象的访问,并审核针对这些对象执行的与安全有关的操作。 The System.Security.AccessControl namespace provides programming elements that control access to and audit security-related actions on securable objects.

AccessRule

表示用户的标识、访问掩码和访问控制类型(允许或拒绝)的组合。Represents a combination of a user's identity, an access mask, and an access control type (allow or deny). AccessRule 对象还包含有关子对象如何继承规则以及如何传播继承的信息。An AccessRule object also contains information about the how the rule is inherited by child objects and how that inheritance is propagated.

AccessRule<T>

表示用户的标识、访问掩码和访问控制类型(允许或拒绝)的组合。Represents a combination of a user's identity, an access mask, and an access control type (allow or deny). AccessRule`1 对象还包含有关子对象如何继承规则以及如何传播继承的信息。An AccessRule`1 object also contains information about the how the rule is inherited by child objects and how that inheritance is propagated.

AceEnumerator

提供遍历访问控制列表 (ACL) 中的访问控制项 (ACE) 的能力。Provides the ability to iterate through the access control entries (ACEs) in an access control list (ACL).

AuditRule

表示用户的标识和访问掩码的组合。Represents a combination of a user's identity and an access mask. AuditRule 对象还包含有关子对象如何继承规则、继承如何传播以及规则的审核条件是什么的信息。An AuditRule object also contains information about how the rule is inherited by child objects, how that inheritance is propagated, and for what conditions it is audited.

AuditRule<T>

表示用户的标识和访问掩码的组合。Represents a combination of a user's identity and an access mask.

AuthorizationRule

确定对安全对象的访问权限。Determines access to securable objects. 派生类 AccessRuleAuditRule 为访问和审核功能提供专用化。The derived classes AccessRule and AuditRule offer specializations for access and audit functionality.

AuthorizationRuleCollection

表示 AuthorizationRule 对象集合。Represents a collection of AuthorizationRule objects.

CommonAce

表示一个访问控制项 (ACE)。Represents an access control entry (ACE).

CommonAcl

表示访问控制列表 (ACL),并且是 DiscretionaryAclSystemAcl 类的基类。Represents an access control list (ACL) and is the base class for the DiscretionaryAcl and SystemAcl classes.

CommonObjectSecurity

无需直接操作访问控制列表 (ACL) 而控制对对象的访问。Controls access to objects without direct manipulation of access control lists (ACLs). 此类是 NativeObjectSecurity 类的抽象基类。This class is the abstract base class for the NativeObjectSecurity class.

CommonSecurityDescriptor

表示安全性说明符。Represents a security descriptor. 安全性说明符包含所有者、主要组、自由访问控制列表 (DACL) 和系统访问控制列表 (SACL)。A security descriptor includes an owner, a primary group, a Discretionary Access Control List (DACL), and a System Access Control List (SACL).

CompoundAce

表示复合访问控制项 (ACE)。Represents a compound Access Control Entry (ACE).

CryptoKeyAccessRule

表示加密密钥的访问规则。Represents an access rule for a cryptographic key. 访问规则表示用户的标识、访问掩码和访问控制类型(允许或拒绝)的组合。An access rule represents a combination of a user's identity, an access mask, and an access control type (allow or deny). 访问规则对象还包含有关子对象如何继承规则以及如何传播继承的信息。An access rule object also contains information about the how the rule is inherited by child objects and how that inheritance is propagated.

CryptoKeyAuditRule

表示加密密钥的审核规则。Represents an audit rule for a cryptographic key. 审核规则表示用户的标识和访问掩码的组合。An audit rule represents a combination of a user's identity and an access mask. 审核规则还包含有关子对象如何继承规则、如何传播继承以及规则的审核条件是什么的信息。An audit rule also contains information about the how the rule is inherited by child objects, how that inheritance is propagated, and for what conditions it is audited.

CryptoKeySecurity

提供无需直接操作访问控制列表 (ACL) 而控制对加密密钥对象的访问的能力。Provides the ability to control access to a cryptographic key object without direct manipulation of an Access Control List (ACL).

CustomAce

表示未由 AceType 枚举的成员之一定义的访问控制项 (ACE)。Represents an Access Control Entry (ACE) that is not defined by one of the members of the AceType enumeration.

DirectoryObjectSecurity

提供无需直接操作访问控制列表 (ACL) 而控制对目录对象的访问的能力。Provides the ability to control access to directory objects without direct manipulation of Access Control Lists (ACLs).

DirectorySecurity

表示目录的访问控制和审核安全。Represents the access control and audit security for a directory. 此类不能被继承。This class cannot be inherited.

DiscretionaryAcl

表示自由访问控制列表 (DACL)。Represents a Discretionary Access Control List (DACL).

EventWaitHandleAccessRule

表示一组允许或拒绝用户或组进行访问的权限。Represents a set of access rights allowed or denied for a user or group. 此类不能被继承。This class cannot be inherited.

EventWaitHandleAuditRule

表示要为用户或组审核的一组访问权限。Represents a set of access rights to be audited for a user or group. 此类不能被继承。This class cannot be inherited.

EventWaitHandleSecurity

表示应用于命名的系统等待句柄的 Windows 访问控制安全性。Represents the Windows access control security applied to a named system wait handle. 此类不能被继承。This class cannot be inherited.

FileSecurity

表示文件的访问控制和审核安全。Represents the access control and audit security for a file. 此类不能被继承。This class cannot be inherited.

FileSystemAccessRule

表示定义文件或目录的访问规则的访问控制项 (ACE) 的抽象。Represents an abstraction of an access control entry (ACE) that defines an access rule for a file or directory. 此类不能被继承。This class cannot be inherited.

FileSystemAuditRule

表示定义文件或目录的审核规则的访问控制项 (ACE) 的抽象。Represents an abstraction of an access control entry (ACE) that defines an audit rule for a file or directory. 此类不能被继承。This class cannot be inherited.

FileSystemSecurity

表示文件或目录的访问控制和审核安全。Represents the access control and audit security for a file or directory.

GenericAce

表示一个访问控制项 (ACE),并且是其他所有 ACE 类的基类。Represents an Access Control Entry (ACE), and is the base class for all other ACE classes.

GenericAcl

表示访问控制列表 (ACL),并且是 CommonAclDiscretionaryAclRawAclSystemAcl 类的基类。Represents an access control list (ACL) and is the base class for the CommonAcl, DiscretionaryAcl, RawAcl, and SystemAcl classes.

GenericSecurityDescriptor

表示安全性说明符。Represents a security descriptor. 安全性说明符包含所有者、主要组、自由访问控制列表 (DACL) 和系统访问控制列表 (SACL)。A security descriptor includes an owner, a primary group, a Discretionary Access Control List (DACL), and a System Access Control List (SACL).

KnownAce

封装 Microsoft Corporation 当前定义的所有访问控制项 (ACE) 类型。Encapsulates all Access Control Entry (ACE) types currently defined by Microsoft Corporation. 所有 KnownAce 对象都包含一个 32 位的访问掩码和一个 SecurityIdentifier 对象。All KnownAce objects contain a 32-bit access mask and a SecurityIdentifier object.

MutexAccessRule

表示一组允许或拒绝用户或组进行访问的权限。Represents a set of access rights allowed or denied for a user or group. 此类不能被继承。This class cannot be inherited.

MutexAuditRule

表示要为用户或组审核的一组访问权限。Represents a set of access rights to be audited for a user or group. 此类不能被继承。This class cannot be inherited.

MutexSecurity

表示命名的 mutex 的 Windows 访问控制安全性。Represents the Windows access control security for a named mutex. 此类不能被继承。This class cannot be inherited.

NativeObjectSecurity

提供无需直接操作访问控制列表 (ACL) 而控制对本机对象的访问的能力。Provides the ability to control access to native objects without direct manipulation of Access Control Lists (ACLs). 本机对象类型由 ResourceType 枚举定义。Native object types are defined by the ResourceType enumeration.

ObjectAccessRule

表示用户的标识、访问掩码和访问控制类型(允许或拒绝)的组合。Represents a combination of a user's identity, an access mask, and an access control type (allow or deny). ObjectAccessRule 对象还包含与以下内容有关的信息:应用规则的对象的类型、能够继承规则的子对象的类型、子对象继承该规则的方式以及继承的传播方式。An ObjectAccessRule object also contains information about the type of object to which the rule applies, the type of child object that can inherit the rule, how the rule is inherited by child objects, and how that inheritance is propagated.

ObjectAce

控制对目录服务对象的访问权限。Controls access to Directory Services objects. 此类表示与目录对象关联的访问控制项 (ACE)。This class represents an Access Control Entry (ACE) associated with a directory object.

ObjectAuditRule

表示用户的标识、访问掩码和审核条件的组合。Represents a combination of a user's identity, an access mask, and audit conditions. ObjectAuditRule 对象还包含与以下内容有关的信息:应用规则的对象的类型、能够继承规则的子对象的类型、子对象继承该规则的方式以及继承的传播方式。An ObjectAuditRule object also contains information about the type of object to which the rule applies, the type of child object that can inherit the rule, how the rule is inherited by child objects, and how that inheritance is propagated.

ObjectSecurity

在没有直接操作访问控制列表 (ACL) 的情况下,提供对对象的访问控制权限。Provides the ability to control access to objects without direct manipulation of Access Control Lists (ACLs). 此类是 CommonObjectSecurity 类和 DirectoryObjectSecurity 类的抽象基类。This class is the abstract base class for the CommonObjectSecurity and DirectoryObjectSecurity classes.

ObjectSecurity<T>

提供在不直接操作访问控制列表 (ACL) 的情况下控制对对象的访问权限的功能;还提供对访问权限进行类型转换的功能。Provides the ability to control access to objects without direct manipulation of Access Control Lists (ACLs); also grants the ability to type-cast access rights.

PrivilegeNotHeldException

System.Security.AccessControl 命名空间中的方法尝试启用它所不具备的特权时引发的异常。The exception that is thrown when a method in the System.Security.AccessControl namespace attempts to enable a privilege that it does not have.

QualifiedAce

表示包含限定符的访问控制项 (ACE)。Represents an Access Control Entry (ACE) that contains a qualifier. AceQualifier 对象表示的限定符指定 ACE 是允许访问、拒绝访问、导致系统审核或是导致系统警告。The qualifier, represented by an AceQualifier object, specifies whether the ACE allows access, denies access, causes system audits, or causes system alarms. QualifiedAce 类为 CommonAce 类和 ObjectAce 类的抽象基类。The QualifiedAce class is the abstract base class for the CommonAce and ObjectAce classes.

RawAcl

表示访问控制列表 (ACL)。Represents an Access Control List (ACL).

RawSecurityDescriptor

表示安全性说明符。Represents a security descriptor. 安全性说明符包含所有者、主要组、自由访问控制列表 (DACL) 和系统访问控制列表 (SACL)。A security descriptor includes an owner, a primary group, a Discretionary Access Control List (DACL), and a System Access Control List (SACL).

RegistryAccessRule

表示一组允许或拒绝用户或组进行访问的权限。Represents a set of access rights allowed or denied for a user or group. 此类不能被继承。This class cannot be inherited.

RegistryAuditRule

表示要为用户或组审核的一组访问权限。Represents a set of access rights to be audited for a user or group. 此类不能被继承。This class cannot be inherited.

RegistrySecurity

表示注册表项的 Windows 访问控制安全性。Represents the Windows access control security for a registry key. 此类不能被继承。This class cannot be inherited.

SemaphoreAccessRule

表示一组允许或拒绝用户或组进行访问的权限。Represents a set of access rights allowed or denied for a user or group. 此类不能被继承。This class cannot be inherited.

SemaphoreAuditRule

表示要为用户或组审核的一组访问权限。Represents a set of access rights to be audited for a user or group. 此类不能被继承。This class cannot be inherited.

SemaphoreSecurity

表示命名的信号量的 Windows 访问控制安全性。Represents the Windows access control security for a named semaphore. 此类不能被继承。This class cannot be inherited.

SystemAcl

表示系统访问控制列表 (SACL)。Represents a System Access Control List (SACL).

枚举

AccessControlActions

指定对可保护对象允许的操作。Specifies the actions that are permitted for securable objects.

AccessControlModification

指定要执行的访问控制修改的类型。 此枚举由 ObjectSecurity 类及其子类的方法使用。This enumeration is used by methods of the ObjectSecurity class and its descendents.

AccessControlSections

指定要保存或加载安全性说明符的哪些部分。Specifies which sections of a security descriptor to save or load.

AccessControlType

指定是否使用 AccessRule 对象来允许或拒绝访问。 这些值不是标志,不能组合它们。These values are not flags, and they cannot be combined.

AceFlags

指定访问控制项 (ACE) 的继承和审核行为。Specifies the inheritance and auditing behavior of an access control entry (ACE).

AceQualifier

指定访问控制项 (ACE) 的功能。Specifies the function of an access control entry (ACE).

AceType

定义可用的访问控制项 (ACE) 类型。Defines the available access control entry (ACE) types.

AuditFlags

指定用于审核对可保护对象的访问尝试的条件。Specifies the conditions for auditing attempts to access a securable object.

CompoundAceType

指定 CompoundAce 对象的类型。Specifies the type of a CompoundAce object.

ControlFlags

这些标志将影响安全性说明符的行为。These flags affect the security descriptor behavior.

CryptoKeyRights

指定授权规则控制其访问或审核的加密密钥操作。Specifies the cryptographic key operation for which an authorization rule controls access or auditing.

EventWaitHandleRights

指定可应用于命名的系统事件对象的访问控制权限。Specifies the access control rights that can be applied to named system event objects.

FileSystemRights

定义要在创建访问和审核规则时使用的访问权限。Defines the access rights to use when creating access and audit rules.

InheritanceFlags

继承标志指定访问控制项 (ACE) 的继承语义。Inheritance flags specify the semantics of inheritance for access control entries (ACEs).

MutexRights

指定可应用于命名的系统 mutex 对象的访问控制权限。Specifies the access control rights that can be applied to named system mutex objects.

ObjectAceFlags

指定访问控制项 (ACE) 的对象类型的存在性。Specifies the presence of object types for Access Control Entries (ACEs).

PropagationFlags

指定如何将访问面控制项 (ACE) 传播到子对象。Specifies how Access Control Entries (ACEs) are propagated to child objects. 仅当存在继承标志时,这些标志才有意义。These flags are significant only if inheritance flags are present.

RegistryRights

指定能够应用于注册表对象的访问控制权限。Specifies the access control rights that can be applied to registry objects.

ResourceType

指定已定义的本机对象类型。Specifies the defined native object types.

SecurityInfos

指定要查询或设置的安全性说明符的部分。Specifies the section of a security descriptor to be queried or set.

SemaphoreRights

指定可应用于命名的系统信号量对象的访问控制权限。Specifies the access control rights that can be applied to named system semaphore objects.

委托

NativeObjectSecurity.ExceptionFromErrorCode

为集成器提供一种将数字错误代码映射到它们创建的特定异常的方式。Provides a way for integrators to map numeric error codes to specific exceptions that they create.