CommonAcl Class
.NET Framework Class Library
CommonAcl Class

Represents an access control list (ACL) and is the base class for the DiscretionaryAcl and SystemAcl classes.

Namespace:  System.Security.AccessControl
Assembly:  mscorlib (in mscorlib.dll)
 Syntax
Visual Basic 
Public MustInherit Class CommonAcl _
    Inherits GenericAcl
C# 
public abstract class CommonAcl : GenericAcl
Visual C++ 
public ref class CommonAcl abstract : public GenericAcl
F# 
[<AbstractClassAttribute>]
type CommonAcl =  
    class
        inherit GenericAcl
    end
 Remarks

  • Certain combinations of inheritance and access mask flags are meaningless:

  • Any access control entry (ACE) with a zero-access mask is removed.

  • Inherit-only ACEs inside object ACLs are removed.

  • InheritOnly, NoPropagateInherit, [F:System.Security.AccessControl.InheritanceFlags.ContainerInherit,] and ObjectInherit flags on all ACEs in leaf object ACLs are cleared.

  • ACEs that have an InheritOnly flag in the absence of the ContainerInherit or ObjectInherit flag are meaningless; they are removed.

  • The NoPropagateInherit flag in the absence of the ContainerInherit or ObjectInherit flag can be removed.

  • ACEs that have an AuditFlags value of Success or Failure in discretionary access control lists (DACLs) are removed.

  • Any audit ACE that does not specify either Success or Failure is removed.

  • On DACLs, SystemAudit and SystemAlarm ACEs are removed.

  • On system access control lists (SACLs), AccessAllowed and AccessDenied ACEs are removed.

Canonical order is maintained according to the following algorithm:

  • Explicit ACEs take precedence over inherited ACEs; this rule applies to both DACLs and SACLs.

  • In DACLs, among the explicit ACEs, ACEs that deny access take precedence over ACEs that allow access. For directory object ACLs, the nonobject ACEs come before object ACEs.

  • All common ACEs take precedence over noncommon ACEs.

  • Inherited ACEs maintain their relative order after canonicity.

  • Unrecognized and custom ACEs are disallowed in both DACLs and SACLs.

  • Within contiguous ranges (explicit AccessDenied and AccessAllowed ACEs on DACLs, all explicit ACEs on SACLs), the ACEs are sorted by using the CompareTo()()() methods of the SecurityIdentifier objects associated with the ACEs.

Adjacent ACEs are combined, if appropriate. This reduces the size of the ACL without affecting the access control semantics it grants.
 Inheritance Hierarchy
System..::.Object
  System.Security.AccessControl..::.GenericAcl
    System.Security.AccessControl..::.CommonAcl
      System.Security.AccessControl..::.DiscretionaryAcl
      System.Security.AccessControl..::.SystemAcl
 Thread Safety
Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
 Platforms

Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role not supported), Windows Server 2003 SP2

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
 Version Information

.NET Framework

Supported in: 4, 3.5, 3.0, 2.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1
 See Also

Reference

CommonAcl Members
System.Security.AccessControl Namespace
Tags What's this?: Add a tag
Community Content   What is Community Content?
Add new content RSS  Annotations

Page view tracker