CommonSecurityDescriptor.PurgeAccessControl(SecurityIdentifier) Method
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Removes all access rules for the specified security identifier from the Discretionary Access Control List (DACL) associated with this CommonSecurityDescriptor object.
public:
void PurgeAccessControl(System::Security::Principal::SecurityIdentifier ^ sid);
public void PurgeAccessControl (System.Security.Principal.SecurityIdentifier sid);
member this.PurgeAccessControl : System.Security.Principal.SecurityIdentifier -> unit
Public Sub PurgeAccessControl (sid As SecurityIdentifier)
Parameters
The security identifier for which to remove access rules.
Remarks
To avoid unintentionally allowing access to principals, applications should check for the existence of an allow everyone full access (AEFA) access control entry (ACE) and remove it before modifying a DACL.