ObjectSecurity.SetAccessRuleProtection(Boolean, Boolean) Method

Reference

Definition

Namespace:: System.Security.AccessControl

Assembly:: System.Security.AccessControl.dll

Assembly:: mscorlib.dll

Package:: System.Security.AccessControl v6.0.1

Important

Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Sets or removes protection of the access rules associated with this ObjectSecurity object. Protected access rules cannot be modified by parent objects through inheritance.

public:
 void SetAccessRuleProtection(bool isProtected, bool preserveInheritance);

public void SetAccessRuleProtection (bool isProtected, bool preserveInheritance);

member this.SetAccessRuleProtection : bool * bool -> unit

Public Sub SetAccessRuleProtection (isProtected As Boolean, preserveInheritance As Boolean)

Parameters

isProtected: Boolean

true to protect the access rules associated with this ObjectSecurity object from inheritance; false to allow inheritance.

preserveInheritance: Boolean

true to preserve inherited access rules; false to remove inherited access rules. This parameter is ignored if isProtected is false.

Exceptions

InvalidOperationException

This method attempts to remove inherited rules from a non-canonical Discretionary Access Control List (DACL).

Remarks

When you call the method with isProtected=true and preserveInheritance=true, you need to walk the new ACL of the object and check for DENY type ACEs. For a canonically sorted DACL, the DENY ACEs must appear in the front of the DACL. For more information on the canonical ordering of ACLs, see Order of ACEs in a DACL.

Applies to

Share via