RegistrySecurity.SetAccessRule(RegistryAccessRule) 메서드
정의
중요
일부 정보는 릴리스되기 전에 상당 부분 수정될 수 있는 시험판 제품과 관련이 있습니다. Microsoft는 여기에 제공된 정보에 대해 어떠한 명시적이거나 묵시적인 보증도 하지 않습니다.
지정된 규칙과 동일한 사용자 및 AccessControlType (허용 또는 거부)를 가진 모든 액세스 제어 규칙을 제거한 다음 지정된 규칙을 추가합니다.
public:
void SetAccessRule(System::Security::AccessControl::RegistryAccessRule ^ rule);public void SetAccessRule(System.Security.AccessControl.RegistryAccessRule rule);override this.SetAccessRule : System.Security.AccessControl.RegistryAccessRule -> unitPublic Sub SetAccessRule (rule As RegistryAccessRule)매개 변수
- rule
- RegistryAccessRule
추가할 개체입니다 RegistryAccessRule . 사용자와 AccessControlType 이 규칙의 경우 이 규칙이 추가되기 전에 제거할 규칙이 결정됩니다.
예외
rule은 null입니다.
예제
다음 코드 예제에서는 메서드가 사용자와 SetAccessRuleAccessControlType사용자 모두와 일치하는 모든 규칙을 제거하고 권한 및 플래그를 무시하고 해당 규칙을 대체rule한다는 것을 보여 rule 줍니다.
이 예제에서는 개체를 RegistrySecurity 만들고 다른 상속 및 전파 플래그를 사용하여 현재 사용자에 대한 다양한 권한을 허용하고 거부하는 규칙을 추가합니다. 그런 다음 현재 사용자가 키를 읽을 수 있도록 하는 새 규칙을 만들고 이 메서드를 사용하여 SetAccessRule 액세스를 허용하는 두 규칙을 제거하고 새 규칙으로 바꿉니다. 액세스를 거부하는 규칙은 영향을 받지 않습니다.
메모
이 예제에서는 보안 개체를 개체에 RegistryKey 연결하지 않습니다. RegistryKey.GetAccessControl 메서드 및 메서드를 참조하세요RegistryKey.SetAccessControl.
using System;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Security;
using Microsoft.Win32;
public class Example
{
public static void Main()
{
string user = Environment.UserDomainName + "\\"
+ Environment.UserName;
// Create a security object that grants no access.
RegistrySecurity mSec = new RegistrySecurity();
// Add a rule that grants the current user the right
// to read and enumerate the name/value pairs in a key,
// to read its access and audit rules, to enumerate
// its subkeys, to create subkeys, and to delete the key.
// The rule is inherited by all contained subkeys.
//
RegistryAccessRule rule = new RegistryAccessRule(user,
RegistryRights.ReadKey | RegistryRights.WriteKey
| RegistryRights.Delete,
InheritanceFlags.ContainerInherit,
PropagationFlags.None,
AccessControlType.Allow);
mSec.AddAccessRule(rule);
// Add a rule that allows the current user the right
// right to set the name/value pairs in a key.
// This rule is inherited by contained subkeys, but
// propagation flags limit it to immediate child
// subkeys.
rule = new RegistryAccessRule(user,
RegistryRights.ChangePermissions,
InheritanceFlags.ContainerInherit,
PropagationFlags.InheritOnly | PropagationFlags.NoPropagateInherit,
AccessControlType.Allow);
mSec.AddAccessRule(rule);
// Add a rule that denies the current user the right
// to set the name/value pairs in a key. This rule
// has no inheritance or propagation flags, so it
// affects only the key itself.
rule = new RegistryAccessRule(user,
RegistryRights.SetValue,
AccessControlType.Deny);
mSec.AddAccessRule(rule);
// Display the rules in the security object.
ShowSecurity(mSec);
// Create a rule that allows the current user
// only read access to a key, with no inheritance
// or propagation flags. SetAccessRule removes
// all the existing rules that allow access for
// the current user, replacing them with this
// rule. Rules that deny access do not match,
// and so are not affected.
rule = new RegistryAccessRule(user,
RegistryRights.ReadKey,
AccessControlType.Allow);
mSec.SetAccessRule(rule);
// Display the rules in the security object.
// removed.
ShowSecurity(mSec);
}
private static void ShowSecurity(RegistrySecurity security)
{
Console.WriteLine("\r\nCurrent access rules:\r\n");
foreach( RegistryAccessRule ar in
security.GetAccessRules(true, true, typeof(NTAccount)) )
{
Console.WriteLine(" User: {0}", ar.IdentityReference);
Console.WriteLine(" Type: {0}", ar.AccessControlType);
Console.WriteLine(" Rights: {0}", ar.RegistryRights);
Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags);
Console.WriteLine(" Propagation: {0}", ar.PropagationFlags);
Console.WriteLine(" Inherited? {0}", ar.IsInherited);
Console.WriteLine();
}
}
}
/* This code example produces output similar to following:
Current access rules:
User: TestDomain\TestUser
Type: Deny
Rights: SetValue
Inheritance: None
Propagation: None
Inherited? False
User: TestDomain\TestUser
Type: Allow
Rights: SetValue, CreateSubKey, Delete, ReadKey
Inheritance: ContainerInherit
Propagation: None
Inherited? False
User: TestDomain\TestUser
Type: Allow
Rights: ChangePermissions
Inheritance: ContainerInherit
Propagation: NoPropagateInherit, InheritOnly
Inherited? False
Current access rules:
User: TestDomain\TestUser
Type: Deny
Rights: SetValue
Inheritance: None
Propagation: None
Inherited? False
User: TestDomain\TestUser
Type: Allow
Rights: ReadKey
Inheritance: None
Propagation: None
Inherited? False
*/
Option Explicit
Imports System.Security.AccessControl
Imports System.Security.Principal
Imports System.Security
Imports Microsoft.Win32
Public Class Example
Public Shared Sub Main()
Dim user As String = Environment.UserDomainName _
& "\" & Environment.UserName
' Create a security object that grants no access.
Dim mSec As New RegistrySecurity()
' Add a rule that grants the current user the right
' to read and enumerate the name/value pairs in a key,
' to read its access and audit rules, to enumerate
' its subkeys, to create subkeys, and to delete the key.
' The rule is inherited by all contained subkeys.
'
Dim rule As New RegistryAccessRule(user, _
RegistryRights.ReadKey Or RegistryRights.WriteKey _
Or RegistryRights.Delete, _
InheritanceFlags.ContainerInherit, _
PropagationFlags.None, _
AccessControlType.Allow)
mSec.AddAccessRule(rule)
' Add a rule that allows the current user the right
' right to set the name/value pairs in a key.
' This rule is inherited by contained subkeys, but
' propagation flags limit it to immediate child
' subkeys.
rule = New RegistryAccessRule(user, _
RegistryRights.ChangePermissions, _
InheritanceFlags.ContainerInherit, _
PropagationFlags.InheritOnly Or PropagationFlags.NoPropagateInherit, _
AccessControlType.Allow)
mSec.AddAccessRule(rule)
' Add a rule that denies the current user the right
' to set the name/value pairs in a key. This rule
' has no inheritance or propagation flags, so it
' affects only the key itself.
rule = New RegistryAccessRule(user, _
RegistryRights.SetValue, _
AccessControlType.Deny)
mSec.AddAccessRule(rule)
' Display the rules in the security object.
ShowSecurity(mSec)
' Create a rule that allows the current user
' only read access to a key, with no inheritance
' or propagation flags. SetAccessRule removes
' all the existing rules that allow access for
' the current user, replacing them with this
' rule. Rules that deny access do not match,
' and so are not affected.
rule = New RegistryAccessRule(user, _
RegistryRights.ReadKey, _
AccessControlType.Allow)
mSec.SetAccessRule(rule)
' Display the rules in the security object.
ShowSecurity(mSec)
End Sub
Private Shared Sub ShowSecurity(ByVal security As RegistrySecurity)
Console.WriteLine(vbCrLf & "Current access rules:" & vbCrLf)
For Each ar As RegistryAccessRule In _
security.GetAccessRules(True, True, GetType(NTAccount))
Console.WriteLine(" User: {0}", ar.IdentityReference)
Console.WriteLine(" Type: {0}", ar.AccessControlType)
Console.WriteLine(" Rights: {0}", ar.RegistryRights)
Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags)
Console.WriteLine(" Propagation: {0}", ar.PropagationFlags)
Console.WriteLine(" Inherited? {0}", ar.IsInherited)
Console.WriteLine()
Next
End Sub
End Class
'This code example produces output similar to following:
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Deny
' Rights: SetValue
' Inheritance: None
' Propagation: None
' Inherited? False
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: SetValue, CreateSubKey, Delete, ReadKey
' Inheritance: ContainerInherit
' Propagation: None
' Inherited? False
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: ChangePermissions
' Inheritance: ContainerInherit
' Propagation: NoPropagateInherit, InheritOnly
' Inherited? False
'
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Deny
' Rights: SetValue
' Inheritance: None
' Propagation: None
' Inherited? False
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: ReadKey
' Inheritance: None
' Propagation: None
' Inherited? False
설명
지정된 규칙이 Allow있는 경우 이 메서드의 효과는 지정된 사용자에 대한 모든 Allow 규칙을 제거하고 지정된 규칙으로 바꾸는 것입니다. 지정된 규칙이 Deny있는 경우 지정된 사용자에 대한 모든 Deny 규칙이 지정된 규칙으로 대체됩니다.
사용자가 지정한 규칙과 AccessControlType 일치하는 규칙이 rule 없으면 추가됩니다.
