SemaphoreSecurity.RemoveAccessRuleSpecific(SemaphoreAccessRule) Método
Definição
Importante
Algumas informações se referem a produtos de pré-lançamento que podem ser substancialmente modificados antes do lançamento. A Microsoft não oferece garantias, expressas ou implícitas, das informações aqui fornecidas.
Pesquisa por uma regra de controle de acesso que corresponda exatamente à regra especificada e, se encontrada, remove-a.
public:
void RemoveAccessRuleSpecific(System::Security::AccessControl::SemaphoreAccessRule ^ rule);
public void RemoveAccessRuleSpecific (System.Security.AccessControl.SemaphoreAccessRule rule);
override this.RemoveAccessRuleSpecific : System.Security.AccessControl.SemaphoreAccessRule -> unit
Public Sub RemoveAccessRuleSpecific (rule As SemaphoreAccessRule)
Parâmetros
- rule
- SemaphoreAccessRule
O SemaphoreAccessRule a ser removido.
Exceções
rule
é null
.
Exemplos
O exemplo de código a seguir mostra que o RemoveAccessRuleSpecific método requer uma correspondência exata para remover uma regra e que as regras para permitir e negar direitos são independentes umas das outras.
O exemplo cria um SemaphoreSecurity objeto, adiciona regras que permitem e negam vários direitos para o usuário atual e mescla direitos adicionais à Allow regra de acesso. Em seguida, o exemplo passa a regra original Allow para o RemoveAccessRuleSpecific método e exibe os resultados, mostrando que nada é excluído. Em seguida, o exemplo constrói uma regra que corresponde à Allow regra no SemaphoreSecurity objeto e usa com êxito o RemoveAccessRuleSpecific método para remover a regra.
Observação
Este exemplo não anexa o objeto de segurança a um Semaphore objeto. Exemplos que anexam objetos de segurança podem ser encontrados e Semaphore.GetAccessControl Semaphore.SetAccessControl.
using System;
using System.Threading;
using System.Security.AccessControl;
using System.Security.Principal;
public class Example
{
public static void Main()
{
// Create a string representing the current user.
string user = Environment.UserDomainName + "\\" +
Environment.UserName;
// Create a security object that grants no access.
SemaphoreSecurity mSec = new SemaphoreSecurity();
// Add a rule that grants the current user the
// right to enter or release the semaphore.
SemaphoreAccessRule ruleA = new SemaphoreAccessRule(user,
SemaphoreRights.Synchronize | SemaphoreRights.Modify,
AccessControlType.Allow);
mSec.AddAccessRule(ruleA);
// Add a rule that denies the current user the
// right to change permissions on the semaphore.
SemaphoreAccessRule rule = new SemaphoreAccessRule(user,
SemaphoreRights.ChangePermissions,
AccessControlType.Deny);
mSec.AddAccessRule(rule);
// Display the rules in the security object.
ShowSecurity(mSec);
// Add a rule that allows the current user the
// right to read permissions on the semaphore. This rule
// is merged with the existing Allow rule.
rule = new SemaphoreAccessRule(user,
SemaphoreRights.ReadPermissions,
AccessControlType.Allow);
mSec.AddAccessRule(rule);
ShowSecurity(mSec);
// Attempt to remove the original rule (granting
// the right to enter or release the semaphore) with
// RemoveAccessRuleSpecific. The removal fails,
// because the right to read the permissions on the
// semaphore has been added to the rule, so that it no
// longer matches the original rule.
Console.WriteLine("Attempt to use RemoveAccessRuleSpecific on the original rule.");
mSec.RemoveAccessRuleSpecific(ruleA);
ShowSecurity(mSec);
// Create a rule that grants the current user
// the right to enter or release the semaphore, and
// to read permissions. Use this rule to remove
// the Allow rule for the current user.
Console.WriteLine("Use RemoveAccessRuleSpecific with the correct rights.");
rule = new SemaphoreAccessRule(user,
SemaphoreRights.Synchronize | SemaphoreRights.Modify |
SemaphoreRights.ReadPermissions,
AccessControlType.Allow);
mSec.RemoveAccessRuleSpecific(rule);
ShowSecurity(mSec);
}
private static void ShowSecurity(SemaphoreSecurity security)
{
Console.WriteLine("\r\nCurrent access rules:\r\n");
foreach(SemaphoreAccessRule ar in
security.GetAccessRules(true, true, typeof(NTAccount)))
{
Console.WriteLine(" User: {0}", ar.IdentityReference);
Console.WriteLine(" Type: {0}", ar.AccessControlType);
Console.WriteLine(" Rights: {0}", ar.SemaphoreRights);
Console.WriteLine();
}
}
}
/*This code example produces output similar to following:
Current access rules:
User: TestDomain\TestUser
Type: Deny
Rights: ChangePermissions
User: TestDomain\TestUser
Type: Allow
Rights: Modify, Synchronize
Current access rules:
User: TestDomain\TestUser
Type: Deny
Rights: ChangePermissions
User: TestDomain\TestUser
Type: Allow
Rights: Modify, ReadPermissions, Synchronize
Attempt to use RemoveAccessRuleSpecific on the original rule.
Current access rules:
User: TestDomain\TestUser
Type: Deny
Rights: ChangePermissions
User: TestDomain\TestUser
Type: Allow
Rights: Modify, ReadPermissions, Synchronize
Use RemoveAccessRuleSpecific with the correct rights.
Current access rules:
User: TestDomain\TestUser
Type: Deny
Rights: ChangePermissions
*/
Imports System.Threading
Imports System.Security.AccessControl
Imports System.Security.Principal
Public Class Example
Public Shared Sub Main()
' Create a string representing the current user.
Dim user As String = Environment.UserDomainName _
& "\" & Environment.UserName
' Create a security object that grants no access.
Dim mSec As New SemaphoreSecurity()
' Add a rule that grants the current user the
' right to enter or release the semaphore.
Dim ruleA As New SemaphoreAccessRule(user, _
SemaphoreRights.Synchronize _
Or SemaphoreRights.Modify, _
AccessControlType.Allow)
mSec.AddAccessRule(ruleA)
' Add a rule that denies the current user the
' right to change permissions on the semaphore.
Dim rule As New SemaphoreAccessRule(user, _
SemaphoreRights.ChangePermissions, _
AccessControlType.Deny)
mSec.AddAccessRule(rule)
' Display the rules in the security object.
ShowSecurity(mSec)
' Add a rule that allows the current user the
' right to read permissions on the semaphore. This rule
' is merged with the existing Allow rule.
rule = New SemaphoreAccessRule(user, _
SemaphoreRights.ReadPermissions, _
AccessControlType.Allow)
mSec.AddAccessRule(rule)
ShowSecurity(mSec)
' Attempt to remove the original rule (granting
' the right to enter or release the semaphore) with
' RemoveAccessRuleSpecific. The removal fails,
' because the right to read the permissions on the
' semaphore has been added to the rule, so that it no
' longer matches the original rule.
Console.WriteLine("Attempt to use RemoveAccessRuleSpecific on the original rule.")
mSec.RemoveAccessRuleSpecific(ruleA)
ShowSecurity(mSec)
' Create a rule that grants the current user
' the right to enter or release the semaphore, and
' to read permissions. Use this rule to remove
' the Allow rule for the current user.
Console.WriteLine("Use RemoveAccessRuleSpecific with the correct rights.")
rule = New SemaphoreAccessRule(user, _
SemaphoreRights.Synchronize _
Or SemaphoreRights.Modify _
Or SemaphoreRights.ReadPermissions, _
AccessControlType.Allow)
mSec.RemoveAccessRuleSpecific(rule)
ShowSecurity(mSec)
End Sub
Private Shared Sub ShowSecurity(ByVal security As SemaphoreSecurity)
Console.WriteLine(vbCrLf & "Current access rules:" & vbCrLf)
For Each ar As SemaphoreAccessRule In _
security.GetAccessRules(True, True, GetType(NTAccount))
Console.WriteLine(" User: {0}", ar.IdentityReference)
Console.WriteLine(" Type: {0}", ar.AccessControlType)
Console.WriteLine(" Rights: {0}", ar.SemaphoreRights)
Console.WriteLine()
Next
End Sub
End Class
'This code example produces output similar to following:
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Deny
' Rights: ChangePermissions
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: Modify, Synchronize
'
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Deny
' Rights: ChangePermissions
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: Modify, ReadPermissions, Synchronize
'
'Attempt to use RemoveAccessRuleSpecific on the original rule.
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Deny
' Rights: ChangePermissions
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: Modify, ReadPermissions, Synchronize
'
'Use RemoveAccessRuleSpecific with the correct rights.
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Deny
' Rights: ChangePermissions
Comentários
A regra será removida somente se corresponder exatamente rule
em todos os detalhes, incluindo sinalizadores. Outras regras com o mesmo usuário e AccessControlType não são afetadas.
Importante
Uma regra representa uma ou mais ACE (entradas de controle de acesso) subjacentes e essas entradas são divididas ou combinadas conforme necessário quando você modifica as regras de segurança de acesso para um usuário. Portanto, uma regra pode não existir mais na forma específica que tinha quando foi adicionada e, nesse caso, o RemoveAccessRuleSpecific método não pode removê-la.