Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

SemaphoreAccessRule Class

Note: This class is new in the .NET Framework version 2.0.

Represents a set of access rights allowed or denied for a user or group. This class cannot be inherited.

Namespace: System.Security.AccessControl
Assembly: System (in system.dll)

[ComVisibleAttribute(false)] 
public sealed class SemaphoreAccessRule : AccessRule
/** @attribute ComVisibleAttribute(false) */ 
public final class SemaphoreAccessRule extends AccessRule
ComVisibleAttribute(false) 
public final class SemaphoreAccessRule extends AccessRule

The SemaphoreAccessRule class is one of a set of classes that the .NET Framework provides for managing Windows access control security on named system semaphores. For an overview of these classes, and their relationship to the underlying Windows access control structures, see SemaphoreSecurity.

NoteNote

Windows access control security is meaningful only for named system semaphores. If a Semaphore object represents a local semaphore, access control is irrelevant.

To get a list of the rules currently applied to a named semaphore, use the Semaphore.GetAccessControl method to get a SemaphoreSecurity object, then use its GetAccessRules method to obtain a collection of SemaphoreAccessRule objects.

SemaphoreAccessRule objects do not map one-to-one with access control entries in the underlying discretionary access control list (DACL). When you get the set of all access rules for a semaphore, the set contains the minimum number of rules currently required to express all the access control entries.

NoteNote

The underlying access control entries change as you apply and remove rules. The information in rules is merged if possible, to maintain the smallest number of access control entries. Thus, when you read the current list of rules, it might not look exactly like the list of all the rules you have added.

Use SemaphoreAccessRule objects to specify access rights to allow or deny to a user or group. A SemaphoreAccessRule object always represents either allowed access or denied access, never both.

To apply a rule to a named system semaphore, use the Semaphore.GetAccessControl method to get the SemaphoreSecurity object. Modify the SemaphoreSecurity object by using its methods to add the rule, and then use the Semaphore.SetAccessControl method to reattach the security object.

NoteImportant:

Changes you make to a SemaphoreSecurity object do not affect the access levels of the named semaphore until you call the Semaphore.SetAccessControl method to assign the altered security object to the named semaphore.

SemaphoreAccessRule objects are immutable. Security for a semaphore is modified using the methods of the SemaphoreSecurity class to add or remove rules; as you do this, the underlying access control entries are modified.

The following code example demonstrates the separation between Allow rules and Deny rules, and shows the combination of rights in compatible rules. The example creates a SemaphoreSecurity object, adds rules that allow and deny various rights for the current user, and displays the resulting pair of rules. The example then allows new rights for the current user and displays the result, showing that the new rights are merged with the existing Allow rule.

NoteNote

This example does not attach the security object to a Semaphore object. Examples that attach security objects can be found in Semaphore.GetAccessControl and Semaphore.SetAccessControl.

using System;
using System.Threading;
using System.Security.AccessControl;
using System.Security.Principal;

public class Example
{
    public static void Main()
    {
        // Create a string representing the current user.
        string user = Environment.UserDomainName + "\\" + 
            Environment.UserName;

        // Create a security object that grants no access.
        SemaphoreSecurity mSec = new SemaphoreSecurity();

        // Add a rule that grants the current user the 
        // right to enter or release the semaphore.
        SemaphoreAccessRule rule = new SemaphoreAccessRule(user, 
            SemaphoreRights.Synchronize | SemaphoreRights.Modify, 
            AccessControlType.Allow);
        mSec.AddAccessRule(rule);

        // Add a rule that denies the current user the 
        // right to change permissions on the semaphore.
        rule = new SemaphoreAccessRule(user, 
            SemaphoreRights.ChangePermissions, 
            AccessControlType.Deny);
        mSec.AddAccessRule(rule);

        // Display the rules in the security object.
        ShowSecurity(mSec);

        // Add a rule that allows the current user the 
        // right to read permissions on the semaphore. This rule
        // is merged with the existing Allow rule.
        rule = new SemaphoreAccessRule(user, 
            SemaphoreRights.ReadPermissions, 
            AccessControlType.Allow);
        mSec.AddAccessRule(rule);

        ShowSecurity(mSec);
    }

    private static void ShowSecurity(SemaphoreSecurity security)
    {
        Console.WriteLine("\r\nCurrent access rules:\r\n");

        foreach(SemaphoreAccessRule ar in 
            security.GetAccessRules(true, true, typeof(NTAccount)))
        {
            Console.WriteLine("        User: {0}", ar.IdentityReference);
            Console.WriteLine("        Type: {0}", ar.AccessControlType);
            Console.WriteLine("      Rights: {0}", ar.SemaphoreRights);
            Console.WriteLine();
        }
    }
}

/*This code example produces output similar to following:

Current access rules:

        User: TestDomain\TestUser
        Type: Deny
      Rights: ChangePermissions

        User: TestDomain\TestUser
        Type: Allow
      Rights: Modify, Synchronize


Current access rules:

        User: TestDomain\TestUser
        Type: Deny
      Rights: ChangePermissions

        User: TestDomain\TestUser
        Type: Allow
      Rights: Modify, ReadPermissions, Synchronize
 */

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Windows 98, Windows 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see System Requirements.

.NET Framework

Supported in: 2.0

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.