Expand Minimize

System.Security.AccessControl Namespace

The System.Security.AccessControl namespace provides programming elements that control access to and audit security-related actions on securable objects.

  Class Description
Public class AccessRule Represents a combination of a user's identity, an access mask, and an access control type (allow or deny). An AccessRule object also contains information about the how the rule is inherited by child objects and how that inheritance is propagated.
Public class AccessRule<T> Represents a combination of a user's identity, an access mask, and an access control type (allow or deny). An AccessRule`1 object also contains information about the how the rule is inherited by child objects and how that inheritance is propagated.
Public class AceEnumerator Provides the ability to iterate through the access control entries (ACEs) in an access control list (ACL).
Public class AuditRule Represents a combination of a user's identity and an access mask. An AuditRule object also contains information about how the rule is inherited by child objects, how that inheritance is propagated, and for what conditions it is audited.
Public class AuditRule<T> Represents a combination of a user’s identity and an access mask.
Public class AuthorizationRule Determines access to securable objects. The derived classes AccessRule and AuditRule offer specializations for access and audit functionality.
Public class AuthorizationRuleCollection Represents a collection of AuthorizationRule objects.
Public class CommonAce Represents an access control entry (ACE).
Public class CommonAcl Represents an access control list (ACL) and is the base class for the DiscretionaryAcl and SystemAcl classes.
Public class CommonObjectSecurity Controls access to objects without direct manipulation of access control lists (ACLs). This class is the abstract base class for the NativeObjectSecurity class.
Public class CommonSecurityDescriptor Represents a security descriptor. A security descriptor includes an owner, a primary group, a Discretionary Access Control List (DACL), and a System Access Control List (SACL).
Public class CompoundAce Represents a compound Access Control Entry (ACE).
Public class CryptoKeyAccessRule Represents an access rule for a cryptographic key. An access rule represents a combination of a user's identity, an access mask, and an access control type (allow or deny). An access rule object also contains information about the how the rule is inherited by child objects and how that inheritance is propagated.
Public class CryptoKeyAuditRule Represents an audit rule for a cryptographic key. An audit rule represents a combination of a user's identity and an access mask. An audit rule also contains information about the how the rule is inherited by child objects, how that inheritance is propagated, and for what conditions it is audited.
Public class CryptoKeySecurity Provides the ability to control access to a cryptographic key object without direct manipulation of an Access Control List (ACL).
Public class CustomAce Represents an Access Control Entry (ACE) that is not defined by one of the members of the AceType enumeration.
Public class DirectoryObjectSecurity Provides the ability to control access to directory objects without direct manipulation of Access Control Lists (ACLs).
Public class DirectorySecurity Represents the access control and audit security for a directory. This class cannot be inherited.
Public class DiscretionaryAcl Represents a Discretionary Access Control List (DACL).
Public class EventWaitHandleAccessRule Represents a set of access rights allowed or denied for a user or group. This class cannot be inherited.
Public class EventWaitHandleAuditRule Represents a set of access rights to be audited for a user or group. This class cannot be inherited.
Public class EventWaitHandleSecurity Represents the Windows access control security applied to a named system wait handle. This class cannot be inherited.
Public class FileSecurity Represents the access control and audit security for a file. This class cannot be inherited.
Public class FileSystemAccessRule Represents an abstraction of an access control entry (ACE) that defines an access rule for a file or directory. This class cannot be inherited.
Public class FileSystemAuditRule Represents an abstraction of an access control entry (ACE) that defines an audit rule for a file or directory. This class cannot be inherited.
Public class FileSystemSecurity Represents the access control and audit security for a file or directory.
Public class GenericAce Represents an Access Control Entry (ACE), and is the base class for all other ACE classes.
Public class GenericAcl Represents an access control list (ACL) and is the base class for the CommonAcl, DiscretionaryAcl, RawAcl, and SystemAcl classes.
Public class GenericSecurityDescriptor Represents a security descriptor. A security descriptor includes an owner, a primary group, a Discretionary Access Control List (DACL), and a System Access Control List (SACL).
Public class KnownAce Encapsulates all Access Control Entry (ACE) types currently defined by Microsoft Corporation. All KnownAce objects contain a 32-bit access mask and a SecurityIdentifier object.
Public class MutexAccessRule Represents a set of access rights allowed or denied for a user or group. This class cannot be inherited.
Public class MutexAuditRule Represents a set of access rights to be audited for a user or group. This class cannot be inherited.
Public class MutexSecurity Represents the Windows access control security for a named mutex. This class cannot be inherited.
Public class NativeObjectSecurity Provides the ability to control access to native objects without direct manipulation of Access Control Lists (ACLs). Native object types are defined by the ResourceType enumeration.
Public class ObjectAccessRule Represents a combination of a user's identity, an access mask, and an access control type (allow or deny). An ObjectAccessRule object also contains information about the type of object to which the rule applies, the type of child object that can inherit the rule, how the rule is inherited by child objects, and how that inheritance is propagated.
Public class ObjectAce Controls access to Directory Services objects. This class represents an Access Control Entry (ACE) associated with a directory object.
Public class ObjectAuditRule Represents a combination of a user's identity, an access mask, and audit conditions. An ObjectAuditRule object also contains information about the type of object to which the rule applies, the type of child object that can inherit the rule, how the rule is inherited by child objects, and how that inheritance is propagated.
Public class ObjectSecurity Provides the ability to control access to objects without direct manipulation of Access Control Lists (ACLs). This class is the abstract base class for the CommonObjectSecurity and DirectoryObjectSecurity classes.
Public class ObjectSecurity<T> Provides the ability to control access to objects without direct manipulation of Access Control Lists (ACLs); also grants the ability to type-cast access rights.
Public class PrivilegeNotHeldException The exception that is thrown when a method in the System.Security.AccessControl namespace attempts to enable a privilege that it does not have.
Public class QualifiedAce Represents an Access Control Entry (ACE) that contains a qualifier. The qualifier, represented by an AceQualifier object, specifies whether the ACE allows access, denies access, causes system audits, or causes system alarms. The QualifiedAce class is the abstract base class for the CommonAce and ObjectAce classes.
Public class RawAcl Represents an Access Control List (ACL).
Public class RawSecurityDescriptor Represents a security descriptor. A security descriptor includes an owner, a primary group, a Discretionary Access Control List (DACL), and a System Access Control List (SACL).
Public class RegistryAccessRule Represents a set of access rights allowed or denied for a user or group. This class cannot be inherited.
Public class RegistryAuditRule Represents a set of access rights to be audited for a user or group. This class cannot be inherited.
Public class RegistrySecurity Represents the Windows access control security for a registry key. This class cannot be inherited.
Public class SemaphoreAccessRule Represents a set of access rights allowed or denied for a user or group. This class cannot be inherited.
Public class SemaphoreAuditRule Represents a set of access rights to be audited for a user or group. This class cannot be inherited.
Public class SemaphoreSecurity Represents the Windows access control security for a named semaphore. This class cannot be inherited.
Public class SystemAcl Represents a System Access Control List (SACL).

  Delegate Description
Protected delegate NativeObjectSecurity.ExceptionFromErrorCode Provides a way for integrators to map numeric error codes to specific exceptions that they create.

  Enumeration Description
Public enumeration AccessControlActions Specifies the actions that are permitted for securable objects.
Public enumeration AccessControlModification Specifies the type of access control modification to perform. This enumeration is used by methods of the ObjectSecurity class and its descendents.
Public enumeration AccessControlSections Specifies which sections of a security descriptor to save or load.
Public enumeration AccessControlType Specifies whether an AccessRule object is used to allow or deny access. These values are not flags, and they cannot be combined.
Public enumeration AceFlags Specifies the inheritance and auditing behavior of an access control entry (ACE).
Public enumeration AceQualifier Specifies the function of an access control entry (ACE).
Public enumeration AceType Defines the available access control entry (ACE) types.
Public enumeration AuditFlags Specifies the conditions for auditing attempts to access a securable object.
Public enumeration CompoundAceType Specifies the type of a CompoundAce object.
Public enumeration ControlFlags These flags affect the security descriptor behavior.
Public enumeration CryptoKeyRights Specifies the cryptographic key operation for which an authorization rule controls access or auditing.
Public enumeration EventWaitHandleRights Specifies the access control rights that can be applied to named system event objects.
Public enumeration FileSystemRights Defines the access rights to use when creating access and audit rules.
Public enumeration InheritanceFlags Inheritance flags specify the semantics of inheritance for access control entries (ACEs).
Public enumeration MutexRights Specifies the access control rights that can be applied to named system mutex objects.
Public enumeration ObjectAceFlags Specifies the presence of object types for Access Control Entries (ACEs).
Public enumeration PropagationFlags Specifies how Access Control Entries (ACEs) are propagated to child objects. These flags are significant only if inheritance flags are present.
Public enumeration RegistryRights Specifies the access control rights that can be applied to registry objects.
Public enumeration ResourceType Specifies the defined native object types.
Public enumeration SecurityInfos Specifies the section of a security descriptor to be queried or set.
Public enumeration SemaphoreRights Specifies the access control rights that can be applied to named system semaphore objects.
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft