RegistryAccessRule 類別
定義
重要
部分資訊涉及發行前產品,在發行之前可能會有大幅修改。 Microsoft 對此處提供的資訊,不做任何明確或隱含的瑕疵擔保。
表示允許或拒絕使用者或群組的一組存取權限。 此類別無法獲得繼承。
public ref class RegistryAccessRule sealed : System::Security::AccessControl::AccessRulepublic sealed class RegistryAccessRule : System.Security.AccessControl.AccessRule[System.Security.SecurityCritical]
public sealed class RegistryAccessRule : System.Security.AccessControl.AccessRuletype RegistryAccessRule = class
inherit AccessRule[<System.Security.SecurityCritical>]
type RegistryAccessRule = class
inherit AccessRulePublic NotInheritable Class RegistryAccessRule
Inherits AccessRule- 繼承
- 屬性
範例
下列程式代碼範例示範繼承和傳播的存取規則。 此範例會 RegistrySecurity 建立 對象,然後建立並新增兩個具有 ContainerInherit 旗標的規則。 第一個規則沒有傳播旗標,而第二個規則則具有 NoPropagateInherit 和 InheritOnly。
程式會顯示 物件中的 RegistrySecurity 規則,然後使用 物件來建立子機碼。 程式會建立子子機碼和子機碼,然後顯示每個子機碼的安全性。 最後,程式會刪除測試金鑰。
using System;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Security;
using Microsoft.Win32;
public class Example
{
public static void Main()
{
const string TestKey = "TestKey3927";
RegistryKey cu = Registry.CurrentUser;
string user = Environment.UserDomainName +
"\\" + Environment.UserName;
// Create a security object that grants no access.
RegistrySecurity mSec = new RegistrySecurity();
// Add a rule that grants the current user the right
// to read and enumerate the name/value pairs in a key,
// to read its access and audit rules, to enumerate
// its subkeys, to create subkeys, and to delete the key.
// The rule is inherited by all contained subkeys.
//
RegistryAccessRule rule = new RegistryAccessRule(user,
RegistryRights.ReadKey | RegistryRights.WriteKey
| RegistryRights.Delete,
InheritanceFlags.ContainerInherit,
PropagationFlags.None,
AccessControlType.Allow
);
mSec.AddAccessRule(rule);
// Add a rule that allows the current user the right
// right to set the name/value pairs in a key.
// This rule is inherited by contained subkeys, but
// propagation flags limit it to immediate child
// subkeys.
rule = new RegistryAccessRule(user,
RegistryRights.ChangePermissions,
InheritanceFlags.ContainerInherit,
PropagationFlags.InheritOnly |
PropagationFlags.NoPropagateInherit,
AccessControlType.Allow);
mSec.AddAccessRule(rule);
// Display the rules in the security object.
ShowSecurity(mSec);
// Create the test key using the security object.
//
RegistryKey rk = cu.CreateSubKey(TestKey,
RegistryKeyPermissionCheck.ReadWriteSubTree, mSec);
// Create a child subkey and a grandchild subkey,
// without security.
RegistryKey rkChild = rk.CreateSubKey("ChildKey",
RegistryKeyPermissionCheck.ReadWriteSubTree);
RegistryKey rkGrandChild =
rkChild.CreateSubKey("GrandChildKey",
RegistryKeyPermissionCheck.ReadWriteSubTree);
Show(rk);
Show(rkChild);
Show(rkGrandChild);
rkGrandChild.Close();
rkChild.Close();
rk.Close();
cu.DeleteSubKeyTree(TestKey);
}
private static void Show(RegistryKey rk)
{
Console.WriteLine(rk.Name);
ShowSecurity(rk.GetAccessControl());
}
private static void ShowSecurity(RegistrySecurity security)
{
Console.WriteLine("\r\nCurrent access rules:\r\n");
foreach( RegistryAccessRule ar in security.GetAccessRules(true, true, typeof(NTAccount)) )
{
Console.WriteLine(" User: {0}", ar.IdentityReference);
Console.WriteLine(" Type: {0}", ar.AccessControlType);
Console.WriteLine(" Rights: {0}", ar.RegistryRights);
Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags);
Console.WriteLine(" Propagation: {0}", ar.PropagationFlags);
Console.WriteLine(" Inherited? {0}", ar.IsInherited);
Console.WriteLine();
}
}
}
/* This code example produces output similar to following:
Current access rules:
User: TestDomain\TestUser
Type: Allow
Rights: SetValue, CreateSubKey, Delete, ReadKey
Inheritance: ContainerInherit
Propagation: None
Inherited? False
User: TestDomain\TestUser
Type: Allow
Rights: ChangePermissions
Inheritance: ContainerInherit
Propagation: NoPropagateInherit, InheritOnly
Inherited? False
HKEY_CURRENT_USER\TestKey3927
Current access rules:
User: TestDomain\TestUser
Type: Allow
Rights: SetValue, CreateSubKey, Delete, ReadKey
Inheritance: ContainerInherit
Propagation: None
Inherited? False
User: TestDomain\TestUser
Type: Allow
Rights: ChangePermissions
Inheritance: ContainerInherit
Propagation: NoPropagateInherit, InheritOnly
Inherited? False
HKEY_CURRENT_USER\TestKey3927\ChildKey
Current access rules:
User: TestDomain\TestUser
Type: Allow
Rights: SetValue, CreateSubKey, Delete, ReadKey
Inheritance: ContainerInherit
Propagation: None
Inherited? True
User: TestDomain\TestUser
Type: Allow
Rights: ChangePermissions
Inheritance: None
Propagation: None
Inherited? True
HKEY_CURRENT_USER\TestKey3927\ChildKey\GrandChildKey
Current access rules:
User: TestDomain\TestUser
Type: Allow
Rights: SetValue, CreateSubKey, Delete, ReadKey
Inheritance: ContainerInherit
Propagation: None
Inherited? True
*/
Option Explicit
Imports System.Security.AccessControl
Imports System.Security.Principal
Imports System.Security
Imports Microsoft.Win32
Public Class Example
Public Shared Sub Main()
Const TestKey As String = "TestKey3927"
Dim cu As RegistryKey = Registry.CurrentUser
Dim user As String = Environment.UserDomainName _
& "\" & Environment.UserName
' Create a security object that grants no access.
Dim mSec As New RegistrySecurity()
' Add a rule that grants the current user the right
' to read and enumerate the name/value pairs in a key,
' to read its access and audit rules, to enumerate
' its subkeys, to create subkeys, and to delete the key.
' The rule is inherited by all contained subkeys.
'
Dim rule As New RegistryAccessRule(user, _
RegistryRights.ReadKey Or RegistryRights.WriteKey _
Or RegistryRights.Delete, _
InheritanceFlags.ContainerInherit, _
PropagationFlags.None, _
AccessControlType.Allow)
mSec.AddAccessRule(rule)
' Add a rule that allows the current user the right
' right to set the name/value pairs in a key.
' This rule is inherited by contained subkeys, but
' propagation flags limit it to immediate child
' subkeys.
rule = New RegistryAccessRule(user, _
RegistryRights.ChangePermissions, _
InheritanceFlags.ContainerInherit, _
PropagationFlags.InheritOnly Or PropagationFlags.NoPropagateInherit, _
AccessControlType.Allow)
mSec.AddAccessRule(rule)
' Display the rules in the security object.
ShowSecurity(mSec)
' Create the test key using the security object.
'
Dim rk As RegistryKey = cu.CreateSubKey(TestKey, _
RegistryKeyPermissionCheck.ReadWriteSubTree, _
mSec)
' Create a child subkey and a grandchild subkey,
' without security.
Dim rkChild As RegistryKey= rk.CreateSubKey("ChildKey", _
RegistryKeyPermissionCheck.ReadWriteSubTree)
Dim rkGrandChild As RegistryKey = _
rkChild.CreateSubKey("GrandChildKey", _
RegistryKeyPermissionCheck.ReadWriteSubTree)
Show(rk)
Show(rkChild)
Show(rkGrandChild)
rkGrandChild.Close()
rkChild.Close()
rk.Close()
cu.DeleteSubKeyTree(TestKey)
End Sub
Private Shared Sub Show(ByVal rk As RegistryKey)
Console.WriteLine(rk.Name)
ShowSecurity(rk.GetAccessControl())
End Sub
Private Shared Sub ShowSecurity(ByVal security As RegistrySecurity)
Console.WriteLine(vbCrLf & "Current access rules:" & vbCrLf)
For Each ar As RegistryAccessRule In _
security.GetAccessRules(True, True, GetType(NTAccount))
Console.WriteLine(" User: {0}", ar.IdentityReference)
Console.WriteLine(" Type: {0}", ar.AccessControlType)
Console.WriteLine(" Rights: {0}", ar.RegistryRights)
Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags)
Console.WriteLine(" Propagation: {0}", ar.PropagationFlags)
Console.WriteLine(" Inherited? {0}", ar.IsInherited)
Console.WriteLine()
Next
End Sub
End Class
'This code example produces output similar to following:
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: SetValue, CreateSubKey, Delete, ReadKey
' Inheritance: ContainerInherit
' Propagation: None
' Inherited? False
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: ChangePermissions
' Inheritance: ContainerInherit
' Propagation: NoPropagateInherit, InheritOnly
' Inherited? False
'
'HKEY_CURRENT_USER\TestKey3927
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: SetValue, CreateSubKey, Delete, ReadKey
' Inheritance: ContainerInherit
' Propagation: None
' Inherited? False
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: ChangePermissions
' Inheritance: ContainerInherit
' Propagation: NoPropagateInherit, InheritOnly
' Inherited? False
'
'HKEY_CURRENT_USER\TestKey3927\ChildKey
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: SetValue, CreateSubKey, Delete, ReadKey
' Inheritance: ContainerInherit
' Propagation: None
' Inherited? True
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: ChangePermissions
' Inheritance: None
' Propagation: None
' Inherited? True
'
'HKEY_CURRENT_USER\TestKey3927\ChildKey\GrandChildKey
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: SetValue, CreateSubKey, Delete, ReadKey
' Inheritance: ContainerInherit
' Propagation: None
' Inherited? True
備註
類別RegistryAccessRule是 .NET Framework 在登錄機碼上管理 Windows 訪問控制安全性的一組類別之一。 如需這些類別的概觀及其與基礎 Windows 存取控制結構的關係,請參閱 RegistrySecurity。
注意
Windows 訪問控制安全性只能套用至登錄機碼。 它無法套用至儲存在索引鍵中的個別索引鍵/值組。
若要取得目前套用至登錄機碼的規則清單,請使用 RegistryKey.GetAccessControl 方法來取得 RegistrySecurity 對象,然後使用其 GetAccessRules 方法來取得 物件的集合 RegistryAccessRule 。
RegistryAccessRule 物件不會在 DACL) (基礎任意控制存取控制清單中對應一對一存取控制專案。 當您取得登錄機碼的所有存取規則集時,集合包含目前表示所有訪問控制專案所需的最小規則數目。
注意
套用和移除規則時,基礎訪問控制項目會變更。 如果可能的話,規則中的資訊會合併,以維護最少的訪問控制項目數目。 因此,當您閱讀目前的規則清單時,可能看起來可能與您所新增的所有規則清單完全相同。
使用 RegistryAccessRule 物件來指定允許或拒絕使用者或群組的訪問許可權。 物件 RegistryAccessRule 一律代表允許的存取或拒絕存取,絕不會同時代表兩者。
若要將規則套用至登錄機碼,請使用 RegistryKey.GetAccessControl 方法來取得 RegistrySecurity 物件。 RegistrySecurity使用 其 方法來修改 物件以新增規則,然後使用 RegistryKey.SetAccessControl 方法來重新附加安全性物件。
重要
您對 RegistrySecurity 對象的變更不會影響登錄機碼的存取層級,除非您呼叫 RegistryKey.SetAccessControl 方法來將已改變的安全性物件指派給登錄機碼。
RegistryAccessRule 物件是不可變的。 登錄機碼的安全性是使用 類別的 方法來 RegistrySecurity 修改,以新增或移除規則;如此一來,基礎訪問控制專案會修改。
建構函式
| RegistryAccessRule(IdentityReference, RegistryRights, AccessControlType) |
初始化 RegistryAccessRule 類別的新執行個體,指定套用此規則的使用者或群組、存取權限,以及允許還是拒絕指定的存取權限。 |
| RegistryAccessRule(IdentityReference, RegistryRights, InheritanceFlags, PropagationFlags, AccessControlType) |
初始化 RegistryAccessRule 類別的新執行個體,指定套用此規則的使用者或群組、存取權限、繼承旗標、傳用旗標,以及允許還是拒絕指定的存取權限。 |
| RegistryAccessRule(String, RegistryRights, AccessControlType) |
初始化 RegistryAccessRule 類別的新執行個體,指定套用此規則的使用者或群組名稱、存取權限,以及允許還是拒絕指定的存取權限。 |
| RegistryAccessRule(String, RegistryRights, InheritanceFlags, PropagationFlags, AccessControlType) |
初始化 RegistryAccessRule 類別的新執行個體,指定套用此規則的使用者或群組名稱、存取權限、繼承旗標、傳用旗標,以及允許還是拒絕指定的存取權限。 |
屬性
| AccessControlType |
取得與這個 AccessControlType 物件相關聯的 AccessRule 值。 (繼承來源 AccessRule) |
| AccessMask |
取得此規則的存取遮罩。 (繼承來源 AuthorizationRule) |
| IdentityReference |
取得要套用此規則的 IdentityReference。 (繼承來源 AuthorizationRule) |
| InheritanceFlags |
取得旗標值,這個值會決定子物件繼承這項規則的方式。 (繼承來源 AuthorizationRule) |
| IsInherited |
取得值,表示這個規則是否會明確地設定或繼承自父容器物件。 (繼承來源 AuthorizationRule) |
| PropagationFlags |
取得傳播旗標的值,該值判斷這個規則的繼承如何傳播到子物件。 只有當 InheritanceFlags 列舉的值不是 None,這個屬性才是重要的。 (繼承來源 AuthorizationRule) |
| RegistryRights |
取得存取規則所允許或拒絕的權限。 |
方法
| Equals(Object) |
判斷指定的物件是否等於目前的物件。 (繼承來源 Object) |
| GetHashCode() |
做為預設雜湊函式。 (繼承來源 Object) |
| GetType() |
取得目前執行個體的 Type。 (繼承來源 Object) |
| MemberwiseClone() |
建立目前 Object 的淺層複製。 (繼承來源 Object) |
| ToString() |
傳回代表目前物件的字串。 (繼承來源 Object) |
