Named Permission Sets
In the .NET Framework version 4, the common language runtime (CLR) is moving away from providing security policy for computers. Microsoft is recommending the use of Windows Software Restriction Policies as a replacement for CLR security policy. The information in this topic applies to the .NET Framework version 3.5 and earlier; it does not apply to version 4.0 and later. For more information about this and other changes, see Security Changes in the .NET Framework 4.
A named permission set is a set of permissions that administrators can associate with a code group. A named permission set consists of at least one permission, and a name and description for the permission set. Administrators can use named permission sets to establish or modify the security policy for code groups. More than one code group can be associated with the same named permission set.
The following table shows the built-in named permission sets provided by the common language runtime.
No permissions (code cannot run).
Permission to run (execute), but no permissions to use protected resources.
The default policy permission set suitable for content from unknown origin.
The default policy permission set within an enterprise.
All standard (built-in) permissions, except permission to skip verification.
Full access to all resources.
You cannot modify any of the built in named permission sets. However, it is possible to copy them and modify the copy using the .NET Configuration tool Microsoft Management Console (MMC) snap-in. Administrators can define custom named permission sets, as long as their names are different from the built-in named permission sets. Named permission sets cannot contain identity permissions because identity permissions are derived from evidence directly (for permission objects that implement IIdentityPermissionFactory) and are therefore not a product of normal policy evaluation.