FileSystemAuditRule 类

定义

表示定义文件或目录的审核规则的访问控制项 (ACE) 的抽象。 此类不能被继承。

public ref class FileSystemAuditRule sealed : System::Security::AccessControl::AuditRule
public sealed class FileSystemAuditRule : System.Security.AccessControl.AuditRule
[System.Security.SecurityCritical]
public sealed class FileSystemAuditRule : System.Security.AccessControl.AuditRule
type FileSystemAuditRule = class
    inherit AuditRule
[<System.Security.SecurityCritical>]
type FileSystemAuditRule = class
    inherit AuditRule
Public NotInheritable Class FileSystemAuditRule
Inherits AuditRule
继承
FileSystemAuditRule
属性

示例

下面的代码示例使用 FileSystemAuditRule 类添加审核规则,然后从文件中删除审核规则。 你必须提供有效的用户或组帐户以运行此示例。

using System;
using System.IO;
using System.Security.AccessControl;

namespace FileSystemExample
{
    class FileExample
    {
        public static void Main()
        {
            try
            {
                string FileName = "test.xml";

                Console.WriteLine("Adding access control entry for " + FileName);

                // Add the access control entry to the file.
                AddFileAuditRule(FileName, @"MYDOMAIN\MyAccount", FileSystemRights.ReadData, AuditFlags.Failure);

                Console.WriteLine("Removing access control entry from " + FileName);

                // Remove the access control entry from the file.
                RemoveFileAuditRule(FileName, @"MYDOMAIN\MyAccount", FileSystemRights.ReadData, AuditFlags.Failure);

                Console.WriteLine("Done.");
            }
            catch (IOException e)
            {
                Console.WriteLine("Unable to open the file: " + e.Message);
            }
            catch (PrivilegeNotHeldException e)
            {
                Console.WriteLine("The current account does not have the correct privileges: " + e.Message);
            }

            Console.ReadLine();
        }

        // Adds an ACL entry on the specified file for the specified account.
        public static void AddFileAuditRule(string FileName, string Account, FileSystemRights Rights, AuditFlags AuditRule)
        {

            // Get a FileSecurity object that represents the
            // current security settings.
            FileSecurity fSecurity = File.GetAccessControl(FileName);

            // Add the FileSystemAuditRule to the security settings.
            fSecurity.AddAuditRule(new FileSystemAuditRule(Account,
                                                            Rights,
                                                            AuditRule));

            // Set the new access settings.
            File.SetAccessControl(FileName, fSecurity);
        }

        // Removes an ACL entry on the specified file for the specified account.
        public static void RemoveFileAuditRule(string FileName, string Account, FileSystemRights Rights, AuditFlags AuditRule)
        {

            // Get a FileSecurity object that represents the
            // current security settings.
            FileSecurity fSecurity = File.GetAccessControl(FileName);

            // Add the FileSystemAuditRule to the security settings.
            fSecurity.RemoveAuditRule(new FileSystemAuditRule(Account,
                                                            Rights,
                                                            AuditRule));

            // Set the new access settings.
            File.SetAccessControl(FileName, fSecurity);
        }
    }
}
Imports System.IO
Imports System.Security.AccessControl



Module FileExample

    Sub Main()
        Try
            Dim FileName As String = "test.xml"

            Console.WriteLine("Adding access control entry for " + FileName)

            ' Add the access control entry to the file.
            AddFileAuditRule(FileName, "MYDOMAIN\MyAccount", FileSystemRights.ReadData, AuditFlags.Failure)

            Console.WriteLine("Removing access control entry from " + FileName)

            ' Remove the access control entry from the file.
            RemoveFileAuditRule(FileName, "MYDOMAIN\MyAccount", FileSystemRights.ReadData, AuditFlags.Failure)

            Console.WriteLine("Done.")
        Catch e As IOException
            Console.WriteLine("Unable to open the file: " & e.Message)
        Catch e As PrivilegeNotHeldException
            Console.WriteLine("The current account does not have the correct privileges: " & e.Message)
        End Try

        Console.ReadLine()

    End Sub


    ' Adds an ACL entry on the specified file for the specified account.
    Sub AddFileAuditRule(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal AuditRule As AuditFlags)


        ' Get a FileSecurity object that represents the 
        ' current security settings.
        Dim fSecurity As FileSecurity = File.GetAccessControl(FileName)

        ' Add the FileSystemAuditRule to the security settings. 
        fSecurity.AddAuditRule(New FileSystemAuditRule(Account, Rights, AuditRule))

        ' Set the new access settings.
        File.SetAccessControl(FileName, fSecurity)

    End Sub


    ' Removes an ACL entry on the specified file for the specified account.
    Sub RemoveFileAuditRule(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal AuditRule As AuditFlags)

        ' Get a FileSecurity object that represents the 
        ' current security settings.
        Dim fSecurity As FileSecurity = File.GetAccessControl(FileName)

        ' Add the FileSystemAuditRule to the security settings. 
        fSecurity.RemoveAuditRule(New FileSystemAuditRule(Account, Rights, AuditRule))

        ' Set the new access settings.
        File.SetAccessControl(FileName, fSecurity)

    End Sub
End Module

注解

FileSystemAuditRule 表示基础访问控制项 (ACE) 的抽象,它指定用户帐户、提供 (读取、写入等) 的访问类型,以及是否执行审核。 此类还可以指定如何从 中继承审核规则并将其传播到对象。

若要允许在 Windows NT 或更高版本上进行文件和目录审核,必须在计算机上启用审核访问安全策略。 默认情况下,此策略设置为“无审核”。

若要启用审核访问安全策略,请执行以下步骤:

  1. 打开“管理工具”文件夹中的“ 本地安全设置 ”Microsoft 管理控制台 (MMC) 管理单元。

  2. 展开“本地策略”文件夹,然后左键单击“审核策略”文件夹。

  3. 双击 MMC 管理单元右窗格中的“ 审核对象访问 ”条目,或右键单击并选择“属性”以显示“ 审核对象访问属性 ”对话框。

  4. 选择“成功”或“失败检查框以记录成功或失败。

请注意,用户帐户的审核规则需要同一用户帐户的相应访问规则。

FileSystemAuditRule使用 类创建新的审核规则。 可以使用 或 DirectorySecurity 类保留此规则FileSecurity

构造函数

FileSystemAuditRule(IdentityReference, FileSystemRights, AuditFlags)

使用以下内容初始化 FileSystemAuditRule 类的新实例:对用户帐户的引用、指定与审核规则关联的操作的类型的值,以及指定何时执行审核的值。

FileSystemAuditRule(IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags, AuditFlags)

使用以下内容初始化 FileSystemAuditRule 类的新实例:对用户帐户的引用的名称、指定与审核规则关联的操作的类型的值、确定如何继承权限的值、确定如何传播权限的值,以及指定何时执行审核的值。

FileSystemAuditRule(String, FileSystemRights, AuditFlags)

使用以下内容初始化 FileSystemAuditRule 类的新实例:用户帐户名称、指定与审核规则关联的操作的类型的值,以及指定何时执行审核的值。

FileSystemAuditRule(String, FileSystemRights, InheritanceFlags, PropagationFlags, AuditFlags)

使用以下内容初始化 FileSystemAuditRule 类的新实例:用户帐户的名称、指定与审核规则关联的操作的类型的值、确定如何继承权限的值、确定如何传播权限的值,以及指定何时执行审核的值。

属性

AccessMask

获取此规则的访问掩码。

(继承自 AuthorizationRule)
AuditFlags

获取此审核规则的审核标志。

(继承自 AuditRule)
FileSystemRights

获取与当前 FileSystemRights 对象关联的 FileSystemAuditRule 标志。

IdentityReference

获取对其应用此规则的 IdentityReference

(继承自 AuthorizationRule)
InheritanceFlags

获取用于确定子对象如何继承此规则的标志的值。

(继承自 AuthorizationRule)
IsInherited

获取一个值,该值指示此规则是否为显式设置或继承自父级容器对象。

(继承自 AuthorizationRule)
PropagationFlags

获取传播标志的值,该值确定如何将此规则的继承传播到子对象。 仅当 InheritanceFlags 枚举的值不为 None 时,此属性才有意义。

(继承自 AuthorizationRule)

方法

Equals(Object)

确定指定对象是否等于当前对象。

(继承自 Object)
GetHashCode()

作为默认哈希函数。

(继承自 Object)
GetType()

获取当前实例的 Type

(继承自 Object)
MemberwiseClone()

创建当前 Object 的浅表副本。

(继承自 Object)
ToString()

返回表示当前对象的字符串。

(继承自 Object)

适用于