This documentation is archived and is not being maintained.

NamedPermissionSet Class

Defines a permission set that has a name and description associated with it. This class cannot be inherited.

Namespace: System.Security
Assembly: mscorlib (in mscorlib.dll)

public ref class NamedPermissionSet sealed : public PermissionSet
/** @attribute SerializableAttribute() */ 
/** @attribute ComVisibleAttribute(true) */ 
public final class NamedPermissionSet extends PermissionSet
public final class NamedPermissionSet extends PermissionSet

Named permission sets are used in security policy administration to specify the permissions to be granted to code that belongs to certain code groups. Names are strings of alphanumeric characters. Description strings can consist of any printable characters.

The following code example shows the use of members of the NamedPermissionSet class.

using namespace System;
using namespace System::Reflection;
using namespace System::Security;
using namespace System::Security::Permissions;
using namespace System::Security::Policy;
using namespace System::IO;
using namespace System::Collections;
bool DisplayPermissions( NamedPermissionSet^ namedPS1 );
NamedPermissionSet^ CreateCompanyPermission();
void PermissionSetDemo()
   Console::WriteLine( "Executing NamedPermissionSetDemo" );
      // Create a new named permission set and add it to Machine policy.
      NamedPermissionSet^ namedPS1 = CreateCompanyPermission();
      Console::WriteLine( "The name of the custom named permission set is {0}\n", namedPS1->Name );
      Console::WriteLine( "The description of the custom named permission set is {0}\n", namedPS1->Description );
      DisplayPermissions( namedPS1 );
      NamedPermissionSet^ namedPS2 = gcnew NamedPermissionSet( "MyPermssionSetCopy" );
      // Perform a ToXml/FromXml round trip.
      namedPS2->FromXml( namedPS1->ToXml() );
      Console::WriteLine( "\nResult of the ToXml/FromXml round trip:" );
      // For simplicity the results are displayed using a method call.
      DisplayPermissions( namedPS2 );
      // Create and display a copy of a permission set.
      NamedPermissionSet^ namedPS3 = dynamic_cast<NamedPermissionSet^>(namedPS2->Copy());
      Console::WriteLine( "Is the copy equal to the original? {0}", namedPS2->Equals( namedPS3 ) );
      NamedPermissionSet^ namedPS4 = gcnew NamedPermissionSet( "Second copy", namedPS3 );
      Console::WriteLine( "The name of the new permission set is {0}\n", namedPS4->Name );
      // Show that the new named permission set has the same permissions as the original.
      DisplayPermissions( namedPS4 );
      // The hash code for two instances of the same permission might be different, hence a hash code should not be used to 
      // compare two named permission sets.
      Console::WriteLine( "The hash code of the original permission set is {0}", namedPS2->GetHashCode() );
      Console::WriteLine( "The hash code of the copy is {0}", namedPS4->GetHashCode() );
   catch ( Exception^ e ) 
      Console::WriteLine( "Exception thrown: {0}", e->Message );


bool DisplayPermissions( NamedPermissionSet^ namedPS1 )
   // Display results of namedPS.GetEnumerator.
   IEnumerator^ psEnumerator = namedPS1->GetEnumerator();
   while ( psEnumerator->MoveNext() )
      Console::WriteLine( psEnumerator->Current );

   return true;

// The following method uses the LocalIntranet permission set to create
// a custom permission set named MyCompany.  The new permission set is
// added to local Machine policy.  The custom named permission set is returned.
NamedPermissionSet^ CreateCompanyPermission()
   IEnumerator^ policyEnumerator = SecurityManager::PolicyHierarchy();
   // Move through the policy levels to the Machine policy level.
   while ( policyEnumerator->MoveNext() )
      PolicyLevel^ currentLevel = dynamic_cast<PolicyLevel^>(policyEnumerator->Current);
      if ( currentLevel->Label->Equals( "Machine" ) )
         // Enumerate the permission sets in the Machine policy level.
         IList^ namedPermissions = currentLevel->NamedPermissionSets;
         IEnumerator^ namedPermission = namedPermissions->GetEnumerator();
         // Locate the LocalIntranet permission set.
         while ( namedPermission->MoveNext() )
            if ( (dynamic_cast<NamedPermissionSet^>(namedPermission->Current))->Name->Equals( "LocalIntranet" ) )
               // The current permission set is a copy of the LocalIntranet permission set.
               // It can be modified to provide the permissions for the new permission set.
               // Rename the copy to the name chosen for the new permission set.
               (dynamic_cast<NamedPermissionSet^>(namedPermission->Current))->Name = "MyCompany";
               (dynamic_cast<NamedPermissionSet^>(namedPermission->Current))->Description = "My custom named permission set";
               IEnumerator^ permissions = (dynamic_cast<NamedPermissionSet^>(namedPermission->Current))->GetEnumerator();
               // Remove the current security permission from the permission set and replace it 
               // with a new security permission that does not have the right to assert permissions.
               while ( permissions->MoveNext() )
                  if ( permissions->Current->GetType()->ToString()->Equals( "System.Security.Permissions.SecurityPermission" ) )
                     // Remove the current security permission.
                     (dynamic_cast<NamedPermissionSet^>(namedPermission->Current))->RemovePermission( permissions->Current->GetType() );
                     // Add a new security permission that only allows execution.
                     (dynamic_cast<NamedPermissionSet^>(namedPermission->Current))->AddPermission( gcnew SecurityPermission( SecurityPermissionFlag::Execution ) );
                  // If you run this application twice, the following instruction throws
                  // an exception because the named permission set already exists.
                  // You can remove the custom named permission set using either Caspole.exe or the  
                  // .NET Framework Configuration tool (Mscorcfg.msc).
                  return dynamic_cast<NamedPermissionSet^>(namedPermission->Current);
               // Catch the exception for a duplicate permission set.
               catch ( System::ArgumentException^ e ) 
                  Console::WriteLine( "{0}\n", e->Message );
                  return dynamic_cast<NamedPermissionSet^>(namedPermission->Current);


   return gcnew NamedPermissionSet( "Nothing" );

// Test harness.
int main()
   Console::WriteLine( "Press any key to exit." );


Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Windows 98, Windows 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see System Requirements.

.NET Framework

Supported in: 2.0, 1.1, 1.0