CommonAcl Class

Represents an access control list (ACL) and is the base class for the DiscretionaryAcl and SystemAcl classes.

Namespace:  System.Security.AccessControl
Assembly:  mscorlib (in mscorlib.dll)

public abstract class CommonAcl : GenericAcl

The CommonAcl type exposes the following members.

  NameDescription
Public propertyBinaryLengthGets the length, in bytes, of the binary representation of the current CommonAcl object. This length should be used before marshaling the access control list (ACL) into a binary array by using the GetBinaryForm() method. (Overrides GenericAcl.BinaryLength.)
Public propertyCountGets the number of access control entries (ACEs) in the current CommonAcl object. (Overrides GenericAcl.Count.)
Public propertyIsCanonicalGets a Boolean value that specifies whether the access control entries (ACEs) in the current CommonAcl object are in canonical order.
Public propertyIsContainerSets whether the CommonAcl object is a container.
Public propertyIsDSSets whether the current CommonAcl object is a directory object access control list (ACL).
Public propertyIsSynchronizedThis property is always set to false. It is implemented only because it is required for the implementation of the ICollection interface. (Inherited from GenericAcl.)
Public propertyItemGets or sets the CommonAce at the specified index. (Overrides GenericAcl.Item[Int32].)
Public propertyRevisionGets the revision level of the CommonAcl. (Overrides GenericAcl.Revision.)
Public propertySyncRootThis property always returns null. It is implemented only because it is required for the implementation of the ICollection interface. (Inherited from GenericAcl.)
Top

  NameDescription
Public methodCopyToCopies each GenericAce of the current GenericAcl into the specified array. (Inherited from GenericAcl.)
Public methodEquals(Object)Determines whether the specified Object is equal to the current Object. (Inherited from Object.)
Protected methodFinalizeAllows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)
Public methodGetBinaryFormMarshals the contents of the CommonAcl object into the specified byte array beginning at the specified offset. (Overrides GenericAcl.GetBinaryForm(Byte[], Int32).)
Public methodGetEnumeratorReturns a new instance of the AceEnumerator class. (Inherited from GenericAcl.)
Public methodGetHashCodeServes as a hash function for a particular type. (Inherited from Object.)
Public methodGetTypeGets the Type of the current instance. (Inherited from Object.)
Protected methodMemberwiseCloneCreates a shallow copy of the current Object. (Inherited from Object.)
Public methodPurgeRemoves all access control entries (ACEs) contained by this CommonAcl object that are associated with the specified SecurityIdentifier object.
Public methodRemoveInheritedAcesRemoves all inherited access control entries (ACEs) from this CommonAcl object.
Public methodToStringReturns a string that represents the current object. (Inherited from Object.)
Top

  NameDescription
Explicit interface implemetationPrivate methodICollection.CopyToCopies each GenericAce of the current GenericAcl into the specified array. (Inherited from GenericAcl.)
Explicit interface implemetationPrivate methodIEnumerable.GetEnumeratorReturns a new instance of the AceEnumerator class cast as an instance of the IEnumerator interface. (Inherited from GenericAcl.)
Top

  • Certain combinations of inheritance and access mask flags are meaningless:

  • Any access control entry (ACE) with a zero-access mask is removed.

  • Inherit-only ACEs inside object ACLs are removed.

  • InheritOnly, NoPropagateInherit, [F:System.Security.AccessControl.InheritanceFlags.ContainerInherit,] and ObjectInherit flags on all ACEs in leaf object ACLs are cleared.

  • ACEs that have an InheritOnly flag in the absence of the ContainerInherit or ObjectInherit flag are meaningless; they are removed.

  • The NoPropagateInherit flag in the absence of the ContainerInherit or ObjectInherit flag can be removed.

  • ACEs that have an AuditFlags value of Success or Failure in discretionary access control lists (DACLs) are removed.

  • Any audit ACE that does not specify either Success or Failure is removed.

  • On DACLs, SystemAudit and SystemAlarm ACEs are removed.

  • On system access control lists (SACLs), AccessAllowed and AccessDenied ACEs are removed.

Canonical order is maintained according to the following algorithm:

  • Explicit ACEs take precedence over inherited ACEs; this rule applies to both DACLs and SACLs.

  • In DACLs, among the explicit ACEs, ACEs that deny access take precedence over ACEs that allow access. For directory object ACLs, the nonobject ACEs come before object ACEs.

  • All common ACEs take precedence over noncommon ACEs.

  • Inherited ACEs maintain their relative order after canonicity.

  • Unrecognized and custom ACEs are disallowed in both DACLs and SACLs.

  • Within contiguous ranges (explicit AccessDenied and AccessAllowed ACEs on DACLs, all explicit ACEs on SACLs), the ACEs are sorted by using the CompareTo() methods of the SecurityIdentifier objects associated with the ACEs.

Adjacent ACEs are combined, if appropriate. This reduces the size of the ACL without affecting the access control semantics it grants.

.NET Framework

Supported in: 4, 3.5, 3.0, 2.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft