System
2.0.0.0
4.0.0.0
System.Security.AccessControl.NativeObjectSecurity
System.Runtime.InteropServices.ComVisible(false)
A object specifies access rights for a named system semaphore, and also specifies how access attempts are audited. Access rights to the semaphore are expressed as rules, with each access rule represented by a object. Each auditing rule is represented by a object.
This mirrors the underlying Windows security system, in which each securable object has at most one discretionary access control list (DACL) that controls access to the secured object, and at most one system access control list (SACL) that specifies which access attempts are audited. The DACL and SACL are ordered lists of access control entries (ACE) that specify access and auditing for users and groups. A or object might represent more than one ACE.
A object can represent a local semaphore or a named system semaphore. Windows access control security is meaningful only for named system semaphores.
The , , and classes hide the implementation details of ACLs and ACEs. They allow you to ignore the seventeen different ACE types and the complexity of correctly maintaining inheritance and propagation of access rights. These objects are also designed to prevent the following common access control errors:
- Creating a security descriptor with a null DACL. A null reference to a DACL allows any user to add access rules to an object, potentially creating a denial-of-service attack. A new object always starts with an empty DACL, which denies all access for all users.
- Violating the canonical ordering of ACEs. If the ACE list in the DACL is not kept in the canonical order, users might inadvertently be given access to the secured object. For example, denied access rights must always appear before allowed access rights. objects maintain the correct order internally.
- Manipulating security descriptor flags, which should be under resource manager control only.
- Creating invalid combinations of ACE flags.
- Manipulating inherited ACEs. Inheritance and propagation are handled by the resource manager, in response to changes you make to access and audit rules.
- Inserting meaningless ACEs into ACLs.
The only capabilities not supported by the .NET security objects are dangerous activities that should be avoided by the majority of application developers, such as the following:
- Low-level tasks that are normally performed by the resource manager.
- Adding or removing access control entries in ways that do not maintain the canonical ordering.
To modify Windows access control security for a named semaphore, use the method to get the object. Modify the security object by adding and removing rules, and then use the method to reattach it.
Changes you make to a object do not affect the access levels of the named semaphore until you call the method to assign the altered security object to the named semaphore.
To copy access control security from one semaphore to another, use the method to get a object representing the access and audit rules for the first semaphore, then use the method, or a constructor that accepts a object, to assign those rules to the second semaphore.
Users with an investment in the security descriptor definition language (SDDL) can use the method to set access rules for a named semaphore, and the method to obtain a string that represents the access rules in SDDL format. This is not recommended for new development.
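The procedure above (get the security object, add and remove rules, reattach it with the set method) as an added example that is not part of the original documentation. It assumes .NET Framework on Windows; the semaphore name and the chosen rights are constructed for illustration.

```csharp
using System;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Threading;

static class SemaphoreAclDemo
{
    // Constructed example name; without a "Global\" prefix it lives in the session-local namespace.
    const string Name = "ExampleSemaphore";

    static void Main()
    {
        SecurityIdentifier me = WindowsIdentity.GetCurrent().User;
        var users = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);

        // A new SemaphoreSecurity starts with an empty DACL (denies everyone), so grant only what
        // each principal needs: the creator keeps full control, other local users may only wait and release.
        var security = new SemaphoreSecurity();
        security.AddAccessRule(new SemaphoreAccessRule(me, SemaphoreRights.FullControl, AccessControlType.Allow));
        security.AddAccessRule(new SemaphoreAccessRule(users,
            SemaphoreRights.Synchronize | SemaphoreRights.Modify, AccessControlType.Allow));

        bool createdNew;
        using (var sem = new Semaphore(1, 1, Name, out createdNew, security))
        {
            // Edits to the SemaphoreSecurity object take effect only after SetAccessControl reattaches it.
            SemaphoreSecurity current = sem.GetAccessControl();
            // The deny rule is kept ahead of the allow rules; canonical ACE order is maintained internally.
            current.AddAccessRule(new SemaphoreAccessRule(users, SemaphoreRights.TakeOwnership, AccessControlType.Deny));
            sem.SetAccessControl(current);

            // RemoveAccessRule strips only the listed rights from the compatible rule; Synchronize stays.
            current = sem.GetAccessControl();
            current.RemoveAccessRule(new SemaphoreAccessRule(users, SemaphoreRights.Modify, AccessControlType.Allow));
            sem.SetAccessControl(current);

            // Re-read from the kernel object to confirm what was actually applied.
            SemaphoreSecurity applied = sem.GetAccessControl();
            foreach (SemaphoreAccessRule rule in applied.GetAccessRules(true, true, typeof(SecurityIdentifier)))
            {
                Console.WriteLine("{0,-45} {1,-5} {2}", rule.IdentityReference, rule.AccessControlType, rule.SemaphoreRights);
            }
            // SDDL view of the same DACL, for comparison with tooling output.
            Console.WriteLine(applied.GetSecurityDescriptorSddlForm(AccessControlSections.Access));
        }
    }
}
```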
Security on synchronization objects is not supported for Windows 98 or Windows Millennium Edition.
Represents the Windows access control security for a named semaphore. This class cannot be inherited.
Constructor
A new object always starts with an empty discretionary access list (DACL), which denies all access for all users.
Initializes a new instance of the class with default values.
Constructor
This constructor allows you to obtain the access control security for a named system semaphore without first creating a object.
Caution must be exercised when working with named system objects. If there is a system object named that is not a semaphore, its control access security might be retrieved.
Initializes a new instance of the class with the specified sections of the access control security rules from the system semaphore with the specified name.
The name of the system semaphore whose access control security rules are to be retrieved.
A combination of flags specifying the sections to retrieve.
Property
System.Type
Classes that derive from the class override the property and return the type they use to represent access rights. When you work with arrays or collections that contain multiple types of security objects, use this property to determine the correct enumeration type to use with each security object.
Gets the enumeration that the class uses to represent access rights.
Method
System.Security.AccessControl.AccessRule
The recommended way to create access control rules is to use the constructors of the class.
Although inheritance and propagation flags are meaningless for named semaphores, it is still possible to specify them. This is not recommended, because it needlessly complicates the maintenance of rules, for example by interfering with the combination of rules that would otherwise be compatible.
Creates a new access control rule for the specified user, with the specified access rights, access control, and flags.
A object representing the specified rights for the specified user.
An that identifies the user or group the rule applies to.
A bitwise combination of values specifying the access rights to allow or deny, cast to an integer.
Meaningless for named semaphores, because they have no hierarchy.
Meaningless for named semaphores, because they have no hierarchy.
Meaningless for named semaphores, because they have no hierarchy.
One of the values specifying whether the rights are allowed or denied.
Property
System.Type
Classes that derive from the class override the property and return the type they use to represent access rules. When you work with arrays or collections that contain multiple types of security objects, use this property to determine the correct access rule type to use with each security object.
Gets the type that the class uses to represent access rules.
Method
System.Void
The method searches for rules with the same user or group and the same as . If none are found, is added. If a matching rule is found, the rights in are merged with the existing rule.
Searches for a matching rule with which the new rule can be merged. If none are found, adds the new rule.
The access control rule to add.
Method
System.Void
The method searches for rules with the same user or group as . If none are found, is added. If a matching rule is found, the flags in are merged into the existing rule.
Searches for an audit rule with which the new rule can be merged. If none are found, adds the new rule.
The audit rule to add. The user specified by this rule determines the search.
Method
System.Security.AccessControl.AuditRule
The recommended way to create audit rules is to use the constructors of the class.
Although inheritance and propagation flags are meaningless for named semaphores, it is still possible to specify them. This is not recommended, because it needlessly complicates the maintenance of rules, for example by interfering with the combination of rules that would otherwise be compatible.
Creates a new audit rule, specifying the user the rule applies to, the access rights to audit, and the outcome that triggers the audit rule.
A object representing the specified audit rule for the specified user. The return type of the method is the base class, , but the return value can be cast safely to the derived class.
An that identifies the user or group the rule applies to.
A bitwise combination of values specifying the access rights to audit, cast to an integer.
Meaningless for named wait handles, because they have no hierarchy.
Meaningless for named wait handles, because they have no hierarchy.
Meaningless for named wait handles, because they have no hierarchy.
A bitwise combination of values that specify whether to audit successful access, failed access, or both.
Property
System.Type
Classes that derive from the class override the property and return the type they use to represent audit rights. When you work with arrays or collections that contain multiple types of security objects, use this property to determine the correct audit rule type to use with each security object.
Gets the type that the class uses to represent audit rules.
Method
System.Boolean
The current is searched for a rule that has the same user and the same value as . If no such rule is found, no action is taken, and the method returns false. If matching rules are found, their inheritance and propagation flags are checked for compatibility with the flags specified in . If no compatible rule is found, no action is taken, and the method returns false. If a rule with compatible flags is found, the rights specified in are removed from the compatible rule, and the method returns true. If specifies rights not contained in the compatible rule, no action is taken with respect to those rights. If all rights are removed from the compatible rule, the entire rule is removed from the current object.
Although you can specify inheritance and propagation flags for semaphore access rules, by creating them with the method, this is not recommended. Inheritance and propagation have no meaning for named semaphores, and they make the maintenance of access rules more complicated.
Searches for an access control rule with the same user and (allow or deny) as the specified rule, and with compatible inheritance and propagation flags; if such a rule is found, the rights contained in the specified access rule are removed from it.
true if a compatible rule is found; otherwise false.
A that specifies the user and to search for, and a set of inheritance and propagation flags that a matching rule, if found, must be compatible with. Specifies the rights to remove from the compatible rule, if found.
Method
System.Void
The current object is searched for rules that have the same user and the same value as . Any rights specified by are ignored when performing this search. If no matching rules are found, no action is taken.
Searches for all access control rules with the same user and (allow or deny) as the specified rule and, if found, removes them.
A that specifies the user and to search for. Any rights specified by this rule are ignored.
Method
System.Void
The rule is removed only if it exactly matches in all details, including flags. Other rules with the same user and are not affected.
A rule represents one or more underlying access control entries (ACE), and these entries are split or combined as necessary when you modify the access security rules for a user. Thus, a rule might no longer exist in the specific form it had when it was added, and in that case the method cannot remove it.
Searches for an access control rule that exactly matches the specified rule and, if found, removes it.
The to remove.
Method
System.Boolean
The current is searched for an audit rule that has the same user as . If no such rule is found, no action is taken, and the method returns false. If matching rules are found, their inheritance and propagation flags are checked for compatibility with the flags specified in . If no compatible rule is found, no action is taken, and the method returns false. If a rule with compatible flags is found, the rights specified in are removed from the compatible rule, and the method returns true. If specifies rights not contained in the compatible rule, no action is taken with respect to those rights. If all rights are removed from the compatible rule, the entire rule is removed from the current object.
Although you can specify inheritance and propagation flags for semaphore audit rules, by creating them with the method, this is not recommended. Inheritance and propagation have no meaning for named semaphores, and they make the maintenance of audit rules more complicated.
Searches for an audit control rule with the same user as the specified rule, and with compatible inheritance and propagation flags; if a compatible rule is found, the rights contained in the specified rule are removed from it.
true if a compatible rule is found; otherwise, false.
A that specifies the user to search for, and a set of inheritance and propagation flags that a matching rule, if found, must be compatible with. Specifies the rights to remove from the compatible rule, if found.
Method
System.Void
The current is searched for audit rules that have the same user as . Any rights specified by are ignored when performing this search. All matching rules are removed. If no matching rules are found, no action is taken.
Searches for all audit rules with the same user as the specified rule and, if found, removes them.
A that specifies the user to search for. Any rights specified by this rule are ignored.
Method
System.Void
The rule is removed only if it exactly matches in all details, including flags. Other audit rules for the same user are not affected.
A rule represents one or more underlying access control entries (ACE), and these entries are split or combined as necessary when you modify the audit security rules for a user. Thus, a rule might no longer exist in the specific form it had when it was added, and in that case the method cannot remove it.
Searches for an audit rule that exactly matches the specified rule and, if found, removes it.
The to remove.
Method
System.Void
If there are no access rules whose user matches the specified rule, is added.
Removes all access control rules with the same user as the specified rule, regardless of , and then adds the specified rule.
The to add. The user specified by this rule determines the rules to remove before this rule is added.
Method
System.Void
If the specified rule has , the effect of this method is to remove all rules for the specified user, replacing them with the specified rule. If the specified rule has , all rules for the specified user are replaced with the specified rule.
If there are no rules whose user and match the specified rule, is added.
Removes all access control rules with the same user and (allow or deny) as the specified rule, and then adds the specified rule.
The to add. The user and of this rule determine the rules to remove before this rule is added.
Method
System.Void
If there are no audit rules whose user matches the specified rule, is added.
Removes all audit rules with the same user as the specified rule, regardless of the value, and then adds the specified rule.
The to add. The user specified by this rule determines the rules to remove before this rule is added.