RegistryAccessRule 类
定义
重要
一些信息与预发行产品相关,相应产品在发行之前可能会进行重大修改。 对于此处提供的信息,Microsoft 不作任何明示或暗示的担保。
表示一组允许或拒绝用户或组进行访问的权限。 此类不能被继承。
public ref class RegistryAccessRule sealed : System::Security::AccessControl::AccessRulepublic sealed class RegistryAccessRule : System.Security.AccessControl.AccessRule[System.Security.SecurityCritical]
public sealed class RegistryAccessRule : System.Security.AccessControl.AccessRuletype RegistryAccessRule = class
inherit AccessRule[<System.Security.SecurityCritical>]
type RegistryAccessRule = class
inherit AccessRulePublic NotInheritable Class RegistryAccessRule
Inherits AccessRule- 继承
- 属性
示例
下面的代码示例演示了具有继承和传播的访问规则。 该示例创建一个 RegistrySecurity 对象,然后创建并添加两个具有 标志 ContainerInherit 的规则。 第一个规则没有传播标志,而第二个规则具有 NoPropagateInherit 和 InheritOnly。
程序在 对象中 RegistrySecurity 显示规则,然后使用 对象创建子项。 程序创建一个子子项和一个孙子项,然后显示每个子项的安全性。 最后,程序删除测试密钥。
using System;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Security;
using Microsoft.Win32;
public class Example
{
public static void Main()
{
const string TestKey = "TestKey3927";
RegistryKey cu = Registry.CurrentUser;
string user = Environment.UserDomainName +
"\\" + Environment.UserName;
// Create a security object that grants no access.
RegistrySecurity mSec = new RegistrySecurity();
// Add a rule that grants the current user the right
// to read and enumerate the name/value pairs in a key,
// to read its access and audit rules, to enumerate
// its subkeys, to create subkeys, and to delete the key.
// The rule is inherited by all contained subkeys.
//
RegistryAccessRule rule = new RegistryAccessRule(user,
RegistryRights.ReadKey | RegistryRights.WriteKey
| RegistryRights.Delete,
InheritanceFlags.ContainerInherit,
PropagationFlags.None,
AccessControlType.Allow
);
mSec.AddAccessRule(rule);
// Add a rule that allows the current user the right
// right to set the name/value pairs in a key.
// This rule is inherited by contained subkeys, but
// propagation flags limit it to immediate child
// subkeys.
rule = new RegistryAccessRule(user,
RegistryRights.ChangePermissions,
InheritanceFlags.ContainerInherit,
PropagationFlags.InheritOnly |
PropagationFlags.NoPropagateInherit,
AccessControlType.Allow);
mSec.AddAccessRule(rule);
// Display the rules in the security object.
ShowSecurity(mSec);
// Create the test key using the security object.
//
RegistryKey rk = cu.CreateSubKey(TestKey,
RegistryKeyPermissionCheck.ReadWriteSubTree, mSec);
// Create a child subkey and a grandchild subkey,
// without security.
RegistryKey rkChild = rk.CreateSubKey("ChildKey",
RegistryKeyPermissionCheck.ReadWriteSubTree);
RegistryKey rkGrandChild =
rkChild.CreateSubKey("GrandChildKey",
RegistryKeyPermissionCheck.ReadWriteSubTree);
Show(rk);
Show(rkChild);
Show(rkGrandChild);
rkGrandChild.Close();
rkChild.Close();
rk.Close();
cu.DeleteSubKeyTree(TestKey);
}
private static void Show(RegistryKey rk)
{
Console.WriteLine(rk.Name);
ShowSecurity(rk.GetAccessControl());
}
private static void ShowSecurity(RegistrySecurity security)
{
Console.WriteLine("\r\nCurrent access rules:\r\n");
foreach( RegistryAccessRule ar in security.GetAccessRules(true, true, typeof(NTAccount)) )
{
Console.WriteLine(" User: {0}", ar.IdentityReference);
Console.WriteLine(" Type: {0}", ar.AccessControlType);
Console.WriteLine(" Rights: {0}", ar.RegistryRights);
Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags);
Console.WriteLine(" Propagation: {0}", ar.PropagationFlags);
Console.WriteLine(" Inherited? {0}", ar.IsInherited);
Console.WriteLine();
}
}
}
/* This code example produces output similar to following:
Current access rules:
User: TestDomain\TestUser
Type: Allow
Rights: SetValue, CreateSubKey, Delete, ReadKey
Inheritance: ContainerInherit
Propagation: None
Inherited? False
User: TestDomain\TestUser
Type: Allow
Rights: ChangePermissions
Inheritance: ContainerInherit
Propagation: NoPropagateInherit, InheritOnly
Inherited? False
HKEY_CURRENT_USER\TestKey3927
Current access rules:
User: TestDomain\TestUser
Type: Allow
Rights: SetValue, CreateSubKey, Delete, ReadKey
Inheritance: ContainerInherit
Propagation: None
Inherited? False
User: TestDomain\TestUser
Type: Allow
Rights: ChangePermissions
Inheritance: ContainerInherit
Propagation: NoPropagateInherit, InheritOnly
Inherited? False
HKEY_CURRENT_USER\TestKey3927\ChildKey
Current access rules:
User: TestDomain\TestUser
Type: Allow
Rights: SetValue, CreateSubKey, Delete, ReadKey
Inheritance: ContainerInherit
Propagation: None
Inherited? True
User: TestDomain\TestUser
Type: Allow
Rights: ChangePermissions
Inheritance: None
Propagation: None
Inherited? True
HKEY_CURRENT_USER\TestKey3927\ChildKey\GrandChildKey
Current access rules:
User: TestDomain\TestUser
Type: Allow
Rights: SetValue, CreateSubKey, Delete, ReadKey
Inheritance: ContainerInherit
Propagation: None
Inherited? True
*/
Option Explicit
Imports System.Security.AccessControl
Imports System.Security.Principal
Imports System.Security
Imports Microsoft.Win32
Public Class Example
Public Shared Sub Main()
Const TestKey As String = "TestKey3927"
Dim cu As RegistryKey = Registry.CurrentUser
Dim user As String = Environment.UserDomainName _
& "\" & Environment.UserName
' Create a security object that grants no access.
Dim mSec As New RegistrySecurity()
' Add a rule that grants the current user the right
' to read and enumerate the name/value pairs in a key,
' to read its access and audit rules, to enumerate
' its subkeys, to create subkeys, and to delete the key.
' The rule is inherited by all contained subkeys.
'
Dim rule As New RegistryAccessRule(user, _
RegistryRights.ReadKey Or RegistryRights.WriteKey _
Or RegistryRights.Delete, _
InheritanceFlags.ContainerInherit, _
PropagationFlags.None, _
AccessControlType.Allow)
mSec.AddAccessRule(rule)
' Add a rule that allows the current user the right
' right to set the name/value pairs in a key.
' This rule is inherited by contained subkeys, but
' propagation flags limit it to immediate child
' subkeys.
rule = New RegistryAccessRule(user, _
RegistryRights.ChangePermissions, _
InheritanceFlags.ContainerInherit, _
PropagationFlags.InheritOnly Or PropagationFlags.NoPropagateInherit, _
AccessControlType.Allow)
mSec.AddAccessRule(rule)
' Display the rules in the security object.
ShowSecurity(mSec)
' Create the test key using the security object.
'
Dim rk As RegistryKey = cu.CreateSubKey(TestKey, _
RegistryKeyPermissionCheck.ReadWriteSubTree, _
mSec)
' Create a child subkey and a grandchild subkey,
' without security.
Dim rkChild As RegistryKey= rk.CreateSubKey("ChildKey", _
RegistryKeyPermissionCheck.ReadWriteSubTree)
Dim rkGrandChild As RegistryKey = _
rkChild.CreateSubKey("GrandChildKey", _
RegistryKeyPermissionCheck.ReadWriteSubTree)
Show(rk)
Show(rkChild)
Show(rkGrandChild)
rkGrandChild.Close()
rkChild.Close()
rk.Close()
cu.DeleteSubKeyTree(TestKey)
End Sub
Private Shared Sub Show(ByVal rk As RegistryKey)
Console.WriteLine(rk.Name)
ShowSecurity(rk.GetAccessControl())
End Sub
Private Shared Sub ShowSecurity(ByVal security As RegistrySecurity)
Console.WriteLine(vbCrLf & "Current access rules:" & vbCrLf)
For Each ar As RegistryAccessRule In _
security.GetAccessRules(True, True, GetType(NTAccount))
Console.WriteLine(" User: {0}", ar.IdentityReference)
Console.WriteLine(" Type: {0}", ar.AccessControlType)
Console.WriteLine(" Rights: {0}", ar.RegistryRights)
Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags)
Console.WriteLine(" Propagation: {0}", ar.PropagationFlags)
Console.WriteLine(" Inherited? {0}", ar.IsInherited)
Console.WriteLine()
Next
End Sub
End Class
'This code example produces output similar to following:
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: SetValue, CreateSubKey, Delete, ReadKey
' Inheritance: ContainerInherit
' Propagation: None
' Inherited? False
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: ChangePermissions
' Inheritance: ContainerInherit
' Propagation: NoPropagateInherit, InheritOnly
' Inherited? False
'
'HKEY_CURRENT_USER\TestKey3927
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: SetValue, CreateSubKey, Delete, ReadKey
' Inheritance: ContainerInherit
' Propagation: None
' Inherited? False
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: ChangePermissions
' Inheritance: ContainerInherit
' Propagation: NoPropagateInherit, InheritOnly
' Inherited? False
'
'HKEY_CURRENT_USER\TestKey3927\ChildKey
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: SetValue, CreateSubKey, Delete, ReadKey
' Inheritance: ContainerInherit
' Propagation: None
' Inherited? True
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: ChangePermissions
' Inheritance: None
' Propagation: None
' Inherited? True
'
'HKEY_CURRENT_USER\TestKey3927\ChildKey\GrandChildKey
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: SetValue, CreateSubKey, Delete, ReadKey
' Inheritance: ContainerInherit
' Propagation: None
' Inherited? True
注解
类RegistryAccessRule是.NET Framework提供的一组类之一,用于管理注册表项上的 Windows 访问控制安全性。 有关这些类及其与基础 Windows 访问控制结构的关系的概述,请参阅 RegistrySecurity。
注意
Windows 访问控制安全性只能应用于注册表项。 它不能应用于存储在密钥中的单个键/值对。
若要获取当前应用于注册表项的规则列表,请使用 RegistryKey.GetAccessControl 方法获取 RegistrySecurity 对象,然后使用其 GetAccessRules 方法获取对象的集合 RegistryAccessRule 。
RegistryAccessRule 对象不会在 DACL) 的基础自由裁量控制访问列表中 (一对一地映射访问控制项。 获取注册表项的所有访问规则集时,该集包含当前表示所有访问控制项所需的最小规则数。
注意
应用和删除规则时,基础访问控制条目会更改。 如果可能,将合并规则中的信息,以保持最少数量的访问控制条目。 因此,在阅读当前规则列表时,它看起来可能与添加的所有规则的列表不完全相同。
使用 RegistryAccessRule 对象指定允许或拒绝用户或组的访问权限。 对象 RegistryAccessRule 始终表示允许的访问或拒绝的访问,从不同时表示这两者。
若要将规则应用于注册表项,请使用 RegistryKey.GetAccessControl 方法获取 RegistrySecurity 对象。 RegistrySecurity通过使用对象的方法添加规则来修改对象,然后使用 RegistryKey.SetAccessControl 方法重新附加安全对象。
重要
在调用 RegistryKey.SetAccessControl 方法将RegistrySecurity更改的安全对象分配给注册表项之前,对对象所做的更改不会影响注册表项的访问级别。
RegistryAccessRule 对象是不可变的。 使用 类的方法 RegistrySecurity 修改注册表项的安全性以添加或删除规则;执行此操作时,会修改基础访问控制项。
构造函数
| RegistryAccessRule(IdentityReference, RegistryRights, AccessControlType) |
初始化 RegistryAccessRule 类的新实例,指定此规则应用到的用户或组、访问权限以及是否允许或拒绝指定的访问权限。 |
| RegistryAccessRule(IdentityReference, RegistryRights, InheritanceFlags, PropagationFlags, AccessControlType) |
初始化 RegistryAccessRule 类的新实例,指定此规则应用到的用户或组、访问权限、传播标志以及是否允许或拒绝指定的访问权限。 |
| RegistryAccessRule(String, RegistryRights, AccessControlType) |
初始化 RegistryAccessRule 类的新实例,指定应用此规则的用户或组的名称、访问权限以及是否允许或拒绝指定的访问权限。 |
| RegistryAccessRule(String, RegistryRights, InheritanceFlags, PropagationFlags, AccessControlType) |
初始化 RegistryAccessRule 类的新实例,指定应用此规则的用户或组的名称、访问权限、传播标志以及是否允许或拒绝指定的访问权限。 |
属性
| AccessControlType |
获取与此 AccessControlType 对象关联的 AccessRule 对象。 (继承自 AccessRule) |
| AccessMask |
获取此规则的访问掩码。 (继承自 AuthorizationRule) |
| IdentityReference |
获取对其应用此规则的 IdentityReference。 (继承自 AuthorizationRule) |
| InheritanceFlags |
获取用于确定子对象如何继承此规则的标志的值。 (继承自 AuthorizationRule) |
| IsInherited |
获取一个值,该值指示此规则是否为显式设置或继承自父级容器对象。 (继承自 AuthorizationRule) |
| PropagationFlags |
获取传播标志的值,该值确定如何将此规则的继承传播到子对象。 仅当 InheritanceFlags 枚举的值不为 None 时,此属性才有意义。 (继承自 AuthorizationRule) |
| RegistryRights |
获取访问规则允许或拒绝的权限。 |
方法
| Equals(Object) |
确定指定对象是否等于当前对象。 (继承自 Object) |
| GetHashCode() |
作为默认哈希函数。 (继承自 Object) |
| GetType() |
获取当前实例的 Type。 (继承自 Object) |
| MemberwiseClone() |
创建当前 Object 的浅表副本。 (继承自 Object) |
| ToString() |
返回表示当前对象的字符串。 (继承自 Object) |
