How to: Import a Permission by Using an XML File
An application might need to control access to a resource in a way that is not supported by the permissions shipped with the Windows Software Development Kit (SDK). For example, an application might use personnel records where each employee record is stored in a separate file; in this case, read and write access must be controlled independently on different types of employee data. The application developer must ship a permission class that allows the application to have this level of detail of access to a file.
The following example shows how the information for a permission might appear in the XML file.
<IPermission class="CustomPermission, customPerm, Version=0.0.0.0, Culture=neutral, PublicKeyToken=64a85a7d791b1a32" version="1" Unrestricted="True"/>
The <IPermission> element, class attribute, and version attribute are present for every permission in the XML file. The class attribute points to the class and assembly that implement the custom permission. The value string for this attribute can be in any format discussed in Specifying Fully Qualified Type Names, but will most likely be in the form shown in the example.
The <IPermission> tag can contain other attributes or child elements defined by the developer that describe the state of the permission. In the previous example, the Unrestricted attribute is defined by the CustomPermission class.
The new permission must go into a permission set.
Before you add the permission to security policy, you might need to change the XML file so that the state of the permission meets your needs. See the documentation for the application to learn about the specific attributes for the permission and how to change its state.
Every code group that is associated with the modified permission set will grant the new permission to code that is a member of the code group. To learn how to add a custom permission to a permission set, see Configuring Permission Sets Using Caspol.exe.