System.Security.AccessControl Namespace
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Provides programming elements that control access to and audit security-related actions on securable objects.
Classes
| AccessRule |
Represents a combination of a user's identity, an access mask, and an access control type (allow or deny). An AccessRule object also contains information about how the rule is inherited by child objects and how that inheritance is propagated. |
| AccessRule<T> |
Represents a combination of a user's identity, an access mask, and an access control type (allow or deny). An AccessRule`1 object also contains information about the how the rule is inherited by child objects and how that inheritance is propagated. |
| AceEnumerator |
Provides the ability to iterate through the access control entries (ACEs) in an access control list (ACL). |
| AuditRule |
Represents a combination of a user's identity and an access mask. An AuditRule object also contains information about how the rule is inherited by child objects, how that inheritance is propagated, and for what conditions it is audited. |
| AuditRule<T> |
Represents a combination of a user's identity and an access mask. |
| AuthorizationRule |
Determines access to securable objects. The derived classes AccessRule and AuditRule offer specializations for access and audit functionality. |
| AuthorizationRuleCollection |
Represents a collection of AuthorizationRule objects. |
| CommonAce |
Represents an access control entry (ACE). |
| CommonAcl |
Represents an access control list (ACL) and is the base class for the DiscretionaryAcl and SystemAcl classes. |
| CommonObjectSecurity |
Controls access to objects without direct manipulation of access control lists (ACLs). This class is the abstract base class for the NativeObjectSecurity class. |
| CommonSecurityDescriptor |
Represents a security descriptor. A security descriptor includes an owner, a primary group, a Discretionary Access Control List (DACL), and a System Access Control List (SACL). |
| CompoundAce |
Represents a compound Access Control Entry (ACE). |
| CryptoKeyAccessRule |
Represents an access rule for a cryptographic key. An access rule represents a combination of a user's identity, an access mask, and an access control type (allow or deny). An access rule object also contains information about the how the rule is inherited by child objects and how that inheritance is propagated. |
| CryptoKeyAuditRule |
Represents an audit rule for a cryptographic key. An audit rule represents a combination of a user's identity and an access mask. An audit rule also contains information about the how the rule is inherited by child objects, how that inheritance is propagated, and for what conditions it is audited. |
| CryptoKeySecurity |
Provides the ability to control access to a cryptographic key object without direct manipulation of an Access Control List (ACL). |
| CustomAce |
Represents an Access Control Entry (ACE) that is not defined by one of the members of the AceType enumeration. |
| DirectoryObjectSecurity |
Provides the ability to control access to directory objects without direct manipulation of Access Control Lists (ACLs). |
| DirectorySecurity |
Represents the access control and audit security for a directory. This class cannot be inherited. |
| DiscretionaryAcl |
Represents a Discretionary Access Control List (DACL). |
| EventWaitHandleAccessRule |
Represents a set of access rights allowed or denied for a user or group. This class cannot be inherited. |
| EventWaitHandleAuditRule |
Represents a set of access rights to be audited for a user or group. This class cannot be inherited. |
| EventWaitHandleSecurity |
Represents the Windows access control security applied to a named system wait handle. This class cannot be inherited. |
| FileSecurity |
Represents the access control and audit security for a file. This class cannot be inherited. |
| FileSystemAccessRule |
Represents an abstraction of an access control entry (ACE) that defines an access rule for a file or directory. This class cannot be inherited. |
| FileSystemAuditRule |
Represents an abstraction of an access control entry (ACE) that defines an audit rule for a file or directory. This class cannot be inherited. |
| FileSystemSecurity |
Represents the access control and audit security for a file or directory. |
| GenericAce |
Represents an Access Control Entry (ACE), and is the base class for all other ACE classes. |
| GenericAcl |
Represents an access control list (ACL) and is the base class for the CommonAcl, DiscretionaryAcl, RawAcl, and SystemAcl classes. |
| GenericSecurityDescriptor |
Represents a security descriptor. A security descriptor includes an owner, a primary group, a Discretionary Access Control List (DACL), and a System Access Control List (SACL). |
| KnownAce |
Encapsulates all Access Control Entry (ACE) types currently defined by Microsoft Corporation. All KnownAce objects contain a 32-bit access mask and a SecurityIdentifier object. |
| MutexAccessRule |
Represents a set of access rights allowed or denied for a user or group. This class cannot be inherited. |
| MutexAuditRule |
Represents a set of access rights to be audited for a user or group. This class cannot be inherited. |
| MutexSecurity |
Represents the Windows access control security for a named mutex. This class cannot be inherited. |
| NativeObjectSecurity |
Provides the ability to control access to native objects without direct manipulation of Access Control Lists (ACLs). Native object types are defined by the ResourceType enumeration. |
| ObjectAccessRule |
Represents a combination of a user's identity, an access mask, and an access control type (allow or deny). An ObjectAccessRule object also contains information about the type of object to which the rule applies, the type of child object that can inherit the rule, how the rule is inherited by child objects, and how that inheritance is propagated. |
| ObjectAce |
Controls access to Directory Services objects. This class represents an Access Control Entry (ACE) associated with a directory object. |
| ObjectAuditRule |
Represents a combination of a user's identity, an access mask, and audit conditions. An ObjectAuditRule object also contains information about the type of object to which the rule applies, the type of child object that can inherit the rule, how the rule is inherited by child objects, and how that inheritance is propagated. |
| ObjectSecurity |
Provides the ability to control access to objects without direct manipulation of Access Control Lists (ACLs). This class is the abstract base class for the CommonObjectSecurity and DirectoryObjectSecurity classes. |
| ObjectSecurity<T> |
Provides the ability to control access to objects without direct manipulation of Access Control Lists (ACLs); also grants the ability to type-cast access rights. |
| PrivilegeNotHeldException |
The exception that is thrown when a method in the System.Security.AccessControl namespace attempts to enable a privilege that it does not have. |
| QualifiedAce |
Represents an Access Control Entry (ACE) that contains a qualifier. The qualifier, represented by an AceQualifier object, specifies whether the ACE allows access, denies access, causes system audits, or causes system alarms. The QualifiedAce class is the abstract base class for the CommonAce and ObjectAce classes. |
| RawAcl |
Represents an Access Control List (ACL). |
| RawSecurityDescriptor |
Represents a security descriptor. A security descriptor includes an owner, a primary group, a Discretionary Access Control List (DACL), and a System Access Control List (SACL). |
| RegistryAccessRule |
Represents a set of access rights allowed or denied for a user or group. This class cannot be inherited. |
| RegistryAuditRule |
Represents a set of access rights to be audited for a user or group. This class cannot be inherited. |
| RegistrySecurity |
Represents the Windows access control security for a registry key. This class cannot be inherited. |
| SemaphoreAccessRule |
Represents a set of access rights allowed or denied for a user or group. This class cannot be inherited. |
| SemaphoreAuditRule |
Represents a set of access rights to be audited for a user or group. This class cannot be inherited. |
| SemaphoreSecurity |
Represents the Windows access control security for a named semaphore. This class cannot be inherited. |
| SystemAcl |
Represents a System Access Control List (SACL). |
Enums
| AccessControlActions |
Specifies the actions that are permitted for securable objects. |
| AccessControlModification |
Specifies the type of access control modification to perform. This enumeration is used by methods of the ObjectSecurity class and its descendants. |
| AccessControlSections |
Specifies which sections of a security descriptor to save or load. |
| AccessControlType |
Specifies whether an AccessRule object is used to allow or deny access. These values are not flags, and they cannot be combined. |
| AceFlags |
Specifies the inheritance and auditing behavior of an access control entry (ACE). |
| AceQualifier |
Specifies the function of an access control entry (ACE). |
| AceType |
Defines the available access control entry (ACE) types. |
| AuditFlags |
Specifies the conditions for auditing attempts to access a securable object. |
| CompoundAceType |
Specifies the type of a CompoundAce object. |
| ControlFlags |
These flags affect the security descriptor behavior. |
| CryptoKeyRights |
Specifies the cryptographic key operation for which an authorization rule controls access or auditing. |
| EventWaitHandleRights |
Specifies the access control rights that can be applied to named system event objects. |
| FileSystemRights |
Defines the access rights to use when creating access and audit rules. |
| InheritanceFlags |
Inheritance flags specify the semantics of inheritance for access control entries (ACEs). |
| MutexRights |
Specifies the access control rights that can be applied to named system mutex objects. |
| ObjectAceFlags |
Specifies the presence of object types for Access Control Entries (ACEs). |
| PropagationFlags |
Specifies how Access Control Entries (ACEs) are propagated to child objects. These flags are significant only if inheritance flags are present. |
| RegistryRights |
Specifies the access control rights that can be applied to registry objects. |
| ResourceType |
Specifies the defined native object types. |
| SecurityInfos |
Specifies the section of a security descriptor to be queried or set. |
| SemaphoreRights |
Specifies the access control rights that can be applied to named system semaphore objects. |
Delegates
| NativeObjectSecurity.ExceptionFromErrorCode |
Provides a way for integrators to map numeric error codes to specific exceptions that they create. |
