Share via

SemaphoreSecurity.RemoveAccessRule(SemaphoreAccessRule) 方法

  • 參考

定義

命名空間:
System.Security.AccessControl
組件:
System.Threading.AccessControl.dll
組件:
System.dll
套件:
System.Threading.AccessControl v8.0.0
套件:
System.Threading.AccessControl v9.0.0-preview.3.24172.9
來源:
SemaphoreSecurity.cs
來源:
SemaphoreSecurity.cs
來源:
SemaphoreSecurity.cs
來源:
SemaphoreSecurity.cs

搜尋具有與指定之規則相同的使用者和 AccessControlType (允許或拒絕) 以及具有相容的繼承和傳用旗標的存取控制規則。如果找到這樣的規則,則會移除指定之存取規則中所包含的權限。

public:
 bool RemoveAccessRule(System::Security::AccessControl::SemaphoreAccessRule ^ rule);
public bool RemoveAccessRule (System.Security.AccessControl.SemaphoreAccessRule rule);
override this.RemoveAccessRule : System.Security.AccessControl.SemaphoreAccessRule -> bool
Public Function RemoveAccessRule (rule As SemaphoreAccessRule) As Boolean

參數

rule
SemaphoreAccessRule

SemaphoreAccessRule,其會指定要搜尋的使用者和 AccessControlType,以及必須與相符的規則 (如果找到的話) 相容的繼承和傳用旗標集合。 如果找到的話,指定從相容的規則中移除此權限。

傳回

Boolean

如果找到相容的規則,則為 true,否則為 false

例外狀況

ArgumentNullException

rulenull

範例

下列程式代碼範例示範如何使用 RemoveAccessRule 方法,從 Allow 物件中的 SemaphoreSecurity 規則中移除許可權。 它也會顯示 中其他許可權 rule 會被忽略。

此範例會 SemaphoreSecurity 建立 物件,並新增規則,以允許和拒絕目前使用者的各種許可權。 允許的權限包括 ModifyReadPermissionsSynchronize。 然後,此範例會為目前使用者建立新的規則,包括 ReadPermissions 和許可權,並將該規則與方法搭配RemoveAccessRule使用,以從 Allow 物件中的SemaphoreSecurity規則中移除ReadPermissionsTakeOwnership。 會忽略 中的rule不適當TakeOwnership許可權。

注意

這個範例不會將安全性物件附加至 Semaphore 物件。 您可以在和 Semaphore.SetAccessControl中找到Semaphore.GetAccessControl附加安全性物件的範例。

using System;
using System.Threading;
using System.Security.AccessControl;
using System.Security.Principal;

public class Example
{
    public static void Main()
    {
        // Create a string representing the current user.
        string user = Environment.UserDomainName + "\\" + 
            Environment.UserName;

        // Create a security object that grants no access.
        SemaphoreSecurity mSec = new SemaphoreSecurity();

        // Add a rule that grants the current user the 
        // right to enter or release the semaphore and read the
        // permissions on the semaphore.
        SemaphoreAccessRule rule = new SemaphoreAccessRule(user, 
            SemaphoreRights.Synchronize | SemaphoreRights.Modify
                | SemaphoreRights.ReadPermissions, 
            AccessControlType.Allow);
        mSec.AddAccessRule(rule);

        // Add a rule that denies the current user the 
        // right to change permissions on the semaphore.
        rule = new SemaphoreAccessRule(user, 
            SemaphoreRights.ChangePermissions, 
            AccessControlType.Deny);
        mSec.AddAccessRule(rule);

        // Display the rules in the security object.
        ShowSecurity(mSec);

        // Create a rule that grants the current user 
        // the right to read permissions on the semaphore, and
        // take ownership of the semaphore. Use this rule to 
        // remove the right to read permissions from the 
        // Allow rule for the current user. The inclusion 
        // of the right to take ownership has no effect.
        rule = new SemaphoreAccessRule(user, 
            SemaphoreRights.TakeOwnership | 
                SemaphoreRights.ReadPermissions, 
            AccessControlType.Allow);
        mSec.RemoveAccessRule(rule);

        ShowSecurity(mSec);
    }

    private static void ShowSecurity(SemaphoreSecurity security)
    {
        Console.WriteLine("\r\nCurrent access rules:\r\n");

        foreach(SemaphoreAccessRule ar in 
            security.GetAccessRules(true, true, typeof(NTAccount)))
        {
            Console.WriteLine("        User: {0}", ar.IdentityReference);
            Console.WriteLine("        Type: {0}", ar.AccessControlType);
            Console.WriteLine("      Rights: {0}", ar.SemaphoreRights);
            Console.WriteLine();
        }
    }
}

/*This code example produces output similar to following:

Current access rules:

        User: TestDomain\TestUser
        Type: Deny
      Rights: ChangePermissions

        User: TestDomain\TestUser
        Type: Allow
      Rights: Modify, ReadPermissions, Synchronize


Current access rules:

        User: TestDomain\TestUser
        Type: Deny
      Rights: ChangePermissions

        User: TestDomain\TestUser
        Type: Allow
      Rights: Modify, Synchronize
 */

Imports System.Threading
Imports System.Security.AccessControl
Imports System.Security.Principal

Public Class Example

    Public Shared Sub Main()

        ' Create a string representing the current user.
        Dim user As String = Environment.UserDomainName _ 
            & "\" & Environment.UserName

        ' Create a security object that grants no access.
        Dim mSec As New SemaphoreSecurity()

        ' Add a rule that grants the current user the 
        ' right to enter or release the semaphore, and to 
        ' read its permissions.
        Dim rule As New SemaphoreAccessRule(user, _
            SemaphoreRights.Synchronize _
            Or SemaphoreRights.Modify _
            Or SemaphoreRights.ReadPermissions, _
            AccessControlType.Allow)
        mSec.AddAccessRule(rule)

        ' Add a rule that denies the current user the 
        ' right to change permissions on the semaphore.
        rule = New SemaphoreAccessRule(user, _
            SemaphoreRights.ChangePermissions, _
            AccessControlType.Deny)
        mSec.AddAccessRule(rule)

        ' Display the rules in the security object.
        ShowSecurity(mSec)

        ' Create a rule that grants the current user 
        ' the right to read permissions on the semaphore, and
        ' take ownership of the semaphore. Use this rule to 
        ' remove the right to read permissions from the 
        ' Allow rule for the current user. The inclusion 
        ' of the right to take ownership has no effect.
        rule = New SemaphoreAccessRule(user, _
            SemaphoreRights.TakeOwnership _
            Or SemaphoreRights.ReadPermissions, _
            AccessControlType.Allow)
        mSec.RemoveAccessRule(rule)

        ShowSecurity(mSec)
        
    End Sub 

    Private Shared Sub ShowSecurity(ByVal security As SemaphoreSecurity)
        Console.WriteLine(vbCrLf & "Current access rules:" & vbCrLf)

        For Each ar As SemaphoreAccessRule In _
            security.GetAccessRules(True, True, GetType(NTAccount))

            Console.WriteLine("        User: {0}", ar.IdentityReference)
            Console.WriteLine("        Type: {0}", ar.AccessControlType)
            Console.WriteLine("      Rights: {0}", ar.SemaphoreRights)
            Console.WriteLine()
        Next

    End Sub
End Class 

'This code example produces output similar to following:
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Deny
'      Rights: ChangePermissions
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: Modify, ReadPermissions, Synchronize
'
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Deny
'      Rights: ChangePermissions
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: Modify, Synchronize

備註

目前 SemaphoreSecurity 會搜尋具有相同用戶的規則,以及與 rule相同的AccessControlType值。 如果找不到這類規則,則不會採取任何動作,而且方法會傳 false回 。 如果找到相符的規則,則會檢查其繼承和相容性旗標是否與 中指定的 rule旗標相容。 如果找不到相容的規則,則不會採取任何動作,而且方法會傳 false回 。 如果找到具有相容旗標的規則,則會從相容的規則中移除中指定的 rule 許可權,而 方法會傳 true回 。 如果 rule 指定相容規則中未包含的許可權,則不會針對這些許可權採取任何動作。 如果從相容規則中移除所有許可權,則會從目前的 SemaphoreSecurity 物件中移除整個規則。

重要

雖然您可以指定旗號存取規則的繼承和傳播旗標,但建議使用 方法建立它們 AccessRuleFactory 。 繼承和傳播對具名旗號沒有意義,而且它們會使存取規則的維護更為複雜。

適用於