Export (0) Print
Expand All

SemaphoreAccessRule Class

Represents a set of access rights allowed or denied for a user or group. This class cannot be inherited.

Namespace:  System.Security.AccessControl
Assembly:  System (in System.dll)

<ComVisibleAttribute(False)> _
Public NotInheritable Class SemaphoreAccessRule _
	Inherits AccessRule

The SemaphoreAccessRule type exposes the following members.

Public methodSemaphoreAccessRule(IdentityReference, SemaphoreRights, AccessControlType)Initializes a new instance of the SemaphoreAccessRule class, specifying the user or group the rule applies to, the access rights, and whether the specified access rights are allowed or denied.
Public methodSemaphoreAccessRule(String, SemaphoreRights, AccessControlType)Initializes a new instance of the SemaphoreAccessRule class, specifying the name of the user or group the rule applies to, the access rights, and whether the specified access rights are allowed or denied.

Public propertyAccessControlTypeGets the AccessControlType value associated with this AccessRule object. (Inherited from AccessRule.)
Protected propertyAccessMaskGets the access mask for this rule. (Inherited from AuthorizationRule.)
Public propertyIdentityReferenceGets the IdentityReference to which this rule applies. (Inherited from AuthorizationRule.)
Public propertyInheritanceFlagsGets the value of flags that determine how this rule is inherited by child objects. (Inherited from AuthorizationRule.)
Public propertyIsInheritedGets a value indicating whether this rule is explicitly set or is inherited from a parent container object. (Inherited from AuthorizationRule.)
Public propertyPropagationFlagsGets the value of the propagation flags, which determine how inheritance of this rule is propagated to child objects. This property is significant only when the value of the InheritanceFlags enumeration is not None. (Inherited from AuthorizationRule.)
Public propertySemaphoreRightsGets the rights allowed or denied by the access rule.

Public methodEquals(Object)Determines whether the specified object is equal to the current object. (Inherited from Object.)
Public methodGetHashCodeServes as the default hash function. (Inherited from Object.)
Public methodGetTypeGets the Type of the current instance. (Inherited from Object.)
Public methodToStringReturns a string that represents the current object. (Inherited from Object.)

The SemaphoreAccessRule class is one of a set of classes that the .NET Framework provides for managing Windows access control security on named system semaphores. For an overview of these classes, and their relationship to the underlying Windows access control structures, see SemaphoreSecurity.


Windows access control security is meaningful only for named system semaphores. If a Semaphore object represents a local semaphore, access control is irrelevant.

To get a list of the rules currently applied to a named semaphore, use the Semaphore.GetAccessControl method to get a SemaphoreSecurity object, then use its GetAccessRules method to obtain a collection of SemaphoreAccessRule objects.

SemaphoreAccessRule objects do not map one-to-one with access control entries in the underlying discretionary access control list (DACL). When you get the set of all access rules for a semaphore, the set contains the minimum number of rules currently required to express all the access control entries.


The underlying access control entries change as you apply and remove rules. The information in rules is merged if possible, to maintain the smallest number of access control entries. Thus, when you read the current list of rules, it might not look exactly like the list of all the rules you have added.

Use SemaphoreAccessRule objects to specify access rights to allow or deny to a user or group. A SemaphoreAccessRule object always represents either allowed access or denied access, never both.

To apply a rule to a named system semaphore, use the Semaphore.GetAccessControl method to get the SemaphoreSecurity object. Modify the SemaphoreSecurity object by using its methods to add the rule, and then use the Semaphore.SetAccessControl method to reattach the security object.

Important noteImportant

Changes you make to a SemaphoreSecurity object do not affect the access levels of the named semaphore until you call the Semaphore.SetAccessControl method to assign the altered security object to the named semaphore.

SemaphoreAccessRule objects are immutable. Security for a semaphore is modified using the methods of the SemaphoreSecurity class to add or remove rules; as you do this, the underlying access control entries are modified.


Security on synchronization objects is not supported for Windows 98 or Windows Millennium Edition.

The following code example demonstrates the separation between Allow rules and Deny rules, and shows the combination of rights in compatible rules. The example creates a SemaphoreSecurity object, adds rules that allow and deny various rights for the current user, and displays the resulting pair of rules. The example then allows new rights for the current user and displays the result, showing that the new rights are merged with the existing Allow rule.


This example does not attach the security object to a Semaphore object. Examples that attach security objects can be found in Semaphore.GetAccessControl and Semaphore.SetAccessControl.

Imports System
Imports System.Threading
Imports System.Security.AccessControl
Imports System.Security.Principal

Public Class Example

    Public Shared Sub Main()

        ' Create a string representing the current user. 
        Dim user As String = Environment.UserDomainName _ 
            & "\" & Environment.UserName

        ' Create a security object that grants no access. 
        Dim mSec As New SemaphoreSecurity()

        ' Add a rule that grants the current user the  
        ' right to enter or release the semaphore. 
        Dim rule As New SemaphoreAccessRule(user, _
            SemaphoreRights.Synchronize _
            Or SemaphoreRights.Modify, _

        ' Add a rule that denies the current user the  
        ' right to change permissions on the semaphore.
        rule = New SemaphoreAccessRule(user, _
            SemaphoreRights.ChangePermissions, _

        ' Display the rules in the security object.

        ' Add a rule that allows the current user the  
        ' right to read permissions on the semaphore. This  
        ' rule is merged with the existing Allow rule.
        rule = New SemaphoreAccessRule(user, _
            SemaphoreRights.ReadPermissions, _


    End Sub  

    Private Shared Sub ShowSecurity(ByVal security As SemaphoreSecurity)
        Console.WriteLine(vbCrLf & "Current access rules:" & vbCrLf)

        For Each ar As SemaphoreAccessRule In _
            security.GetAccessRules(True, True, GetType(NTAccount))

            Console.WriteLine("        User: {0}", ar.IdentityReference)
            Console.WriteLine("        Type: {0}", ar.AccessControlType)
            Console.WriteLine("      Rights: {0}", ar.SemaphoreRights)

    End Sub 
End Class  

'This code example produces output similar to following: 

'Current access rules: 

'        User: TestDomain\TestUser 
'        Type: Deny 
'      Rights: ChangePermissions 

'        User: TestDomain\TestUser 
'        Type: Allow 
'      Rights: Modify, Synchronize 

'Current access rules: 

'        User: TestDomain\TestUser 
'        Type: Deny 
'      Rights: ChangePermissions 

'        User: TestDomain\TestUser 
'        Type: Allow 
'      Rights: Modify, ReadPermissions, Synchronize

.NET Framework

Supported in: 4.6, 4.5, 4, 3.5, 3.0, 2.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
© 2015 Microsoft