RegistrySecurity.RemoveAccessRuleSpecific(RegistryAccessRule) Método
Definição
Importante
Algumas informações se referem a produtos de pré-lançamento que podem ser substancialmente modificados antes do lançamento. A Microsoft não oferece garantias, expressas ou implícitas, das informações aqui fornecidas.
Pesquisa por uma regra de controle de acesso que corresponda exatamente à regra especificada e, se encontrada, remove-a.
public:
void RemoveAccessRuleSpecific(System::Security::AccessControl::RegistryAccessRule ^ rule);public void RemoveAccessRuleSpecific (System.Security.AccessControl.RegistryAccessRule rule);override this.RemoveAccessRuleSpecific : System.Security.AccessControl.RegistryAccessRule -> unitPublic Sub RemoveAccessRuleSpecific (rule As RegistryAccessRule)Parâmetros
- rule
- RegistryAccessRule
O RegistryAccessRule a ser removido.
Exceções
rule é null.
Exemplos
O exemplo de código a seguir mostra que o RemoveAccessRuleSpecific método remove uma regra somente se corresponder exatamente.
O exemplo cria duas regras que permitem direitos diferentes. As regras têm sinalizadores de herança e propagação compatíveis, portanto, quando a segunda regra é adicionada, ela se mescla com a primeira. O exemplo chama o RemoveAccessRuleSpecific método , especificando a primeira regra, mas como as regras são mescladas, não há nenhuma regra que corresponda. Em seguida, o exemplo chama o RemoveAccessRule método para remover a segunda regra da regra mesclada e, por fim, chama o RemoveAccessRuleSpecific método para remover a primeira regra.
Observação
Este exemplo não anexa o objeto de segurança a um RegistryKey objeto . Consulte o RegistryKey.GetAccessControl método e o RegistryKey.SetAccessControl método .
using System;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Security;
using Microsoft.Win32;
public class Example
{
public static void Main()
{
string user = Environment.UserDomainName + "\\"
+ Environment.UserName;
// Create a security object that grants no access.
RegistrySecurity mSec = new RegistrySecurity();
// Add a rule that grants the current user the right
// to read and enumerate the name/value pairs in a key,
// to read its access and audit rules, to enumerate
// its subkeys, to create subkeys, and to delete the key.
// The rule is inherited by all contained subkeys.
//
RegistryAccessRule rule1 = new RegistryAccessRule(user,
RegistryRights.ReadKey | RegistryRights.WriteKey
| RegistryRights.Delete,
InheritanceFlags.ContainerInherit,
PropagationFlags.None,
AccessControlType.Allow);
mSec.AddAccessRule(rule1);
// Add a rule that allows the current user the right
// right to take ownership of a key, using the same
// inheritance and propagation flags. This rule
// merges with the first rule.
RegistryAccessRule rule2 = new RegistryAccessRule(user,
RegistryRights.ChangePermissions,
InheritanceFlags.ContainerInherit,
PropagationFlags.None,
AccessControlType.Allow);
mSec.AddAccessRule(rule2);
// Display the rules in the security object.
ShowSecurity(mSec);
// Attempt to use RemoveRuleSpecific to remove the
// first rule. The removal fails, because the rule
// in the RegistrySecurity object has been altered.
mSec.RemoveAccessRuleSpecific(rule1);
// Show that the rule was not removed.
ShowSecurity(mSec);
// Use the RemoveAccessRule method to remove rule2,
// and then use RemoveAccessRuleSpecific to remove
// rule1.
mSec.RemoveAccessRule(rule2);
mSec.RemoveAccessRuleSpecific(rule1);
// Show that the rules have been removed.
ShowSecurity(mSec);
}
private static void ShowSecurity(RegistrySecurity security)
{
Console.WriteLine("\r\nCurrent access rules:\r\n");
foreach( RegistryAccessRule ar in
security.GetAccessRules(true, true, typeof(NTAccount)) )
{
Console.WriteLine(" User: {0}", ar.IdentityReference);
Console.WriteLine(" Type: {0}", ar.AccessControlType);
Console.WriteLine(" Rights: {0}", ar.RegistryRights);
Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags);
Console.WriteLine(" Propagation: {0}", ar.PropagationFlags);
Console.WriteLine(" Inherited? {0}", ar.IsInherited);
Console.WriteLine();
}
}
}
/* This code example produces output similar to following:
Current access rules:
User: TestDomain\TestUser
Type: Allow
Rights: SetValue, CreateSubKey, Delete, ReadKey, ChangePermissions
Inheritance: ContainerInherit
Propagation: None
Inherited? False
Current access rules:
User: TestDomain\TestUser
Type: Allow
Rights: SetValue, CreateSubKey, Delete, ReadKey, ChangePermissions
Inheritance: ContainerInherit
Propagation: None
Inherited? False
Current access rules:
*/
Option Explicit
Imports System.Security.AccessControl
Imports System.Security.Principal
Imports System.Security
Imports Microsoft.Win32
Public Class Example
Public Shared Sub Main()
Dim user As String = Environment.UserDomainName _
& "\" & Environment.UserName
' Create a security object that grants no access.
Dim mSec As New RegistrySecurity()
' Add a rule that grants the current user the right
' to read and enumerate the name/value pairs in a key,
' to read its access and audit rules, to enumerate
' its subkeys, to create subkeys, and to delete the key.
' The rule is inherited by all contained subkeys.
'
Dim rule1 As New RegistryAccessRule(user, _
RegistryRights.ReadKey Or RegistryRights.WriteKey _
Or RegistryRights.Delete, _
InheritanceFlags.ContainerInherit, _
PropagationFlags.None, _
AccessControlType.Allow)
mSec.AddAccessRule(rule1)
' Add a rule that allows the current user the right
' right to take ownership of a key, using the same
' inheritance and propagation flags. This rule
' merges with the first rule.
Dim rule2 As New RegistryAccessRule(user, _
RegistryRights.ChangePermissions, _
InheritanceFlags.ContainerInherit, _
PropagationFlags.None, _
AccessControlType.Allow)
mSec.AddAccessRule(rule2)
' Display the rules in the security object.
ShowSecurity(mSec)
' Attempt to use RemoveRuleSpecific to remove the
' first rule. The removal fails, because the rule
' in the RegistrySecurity object has been altered.
mSec.RemoveAccessRuleSpecific(rule1)
' Show that the rule was not removed.
ShowSecurity(mSec)
' Use the RemoveAccessRule method to remove rule2,
' and then use RemoveAccessRuleSpecific to remove
' rule1.
mSec.RemoveAccessRule(rule2)
mSec.RemoveAccessRuleSpecific(rule1)
' Show that the rules have been removed.
ShowSecurity(mSec)
End Sub
Private Shared Sub ShowSecurity(ByVal security As RegistrySecurity)
Console.WriteLine(vbCrLf & "Current access rules:" & vbCrLf)
For Each ar As RegistryAccessRule In _
security.GetAccessRules(True, True, GetType(NTAccount))
Console.WriteLine(" User: {0}", ar.IdentityReference)
Console.WriteLine(" Type: {0}", ar.AccessControlType)
Console.WriteLine(" Rights: {0}", ar.RegistryRights)
Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags)
Console.WriteLine(" Propagation: {0}", ar.PropagationFlags)
Console.WriteLine(" Inherited? {0}", ar.IsInherited)
Console.WriteLine()
Next
End Sub
End Class
'This code example produces output similar to following:
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: SetValue, CreateSubKey, Delete, ReadKey, ChangePermissions
' Inheritance: ContainerInherit
' Propagation: None
' Inherited? False
'
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: SetValue, CreateSubKey, Delete, ReadKey, ChangePermissions
' Inheritance: ContainerInherit
' Propagation: None
' Inherited? False
'
'
'Current access rules:
'
Comentários
A regra será removida somente se corresponder rule exatamente a todos os detalhes, incluindo sinalizadores. Outras regras com o mesmo usuário e AccessControlType não são afetadas.
Importante
Uma regra representa uma ou mais ACE (entradas de controle de acesso) subjacentes, e essas entradas são divididas ou combinadas conforme necessário quando você modifica as regras de segurança de acesso para um usuário. Portanto, uma regra pode não existir mais na forma específica que tinha quando foi adicionada e, nesse caso, o RemoveAccessRuleSpecific método não pode removê-la.
