mscorlib(4.0.0.0) API with additions
System.Security.AccessControl Namespace Reference

Classes

class  AccessRule
 Represents a combination of a user's identity, an access mask, and an access control type (allow or deny). An AccessRule`1 object also contains information about how the rule is inherited by child objects and how that inheritance is propagated.

class  AceEnumerator
 Provides the ability to iterate through the access control entries (ACEs) in an access control list (ACL).

class  AuditRule
 Represents a combination of a user’s identity and an access mask.

class  AuthorizationRule
 Determines access to securable objects. The derived classes T:System.Security.AccessControl.AccessRule and T:System.Security.AccessControl.AuditRule offer specializations for access and audit functionality.

class  AuthorizationRuleCollection
 Represents a collection of T:System.Security.AccessControl.AuthorizationRule objects.

class  CommonAce
 Represents an access control entry (ACE).

class  CommonAcl
 Represents an access control list (ACL) and is the base class for the T:System.Security.AccessControl.DiscretionaryAcl and T:System.Security.AccessControl.SystemAcl classes.

class  CommonObjectSecurity
 Controls access to objects without direct manipulation of access control lists (ACLs). This class is the abstract base class for the T:System.Security.AccessControl.NativeObjectSecurity class.

class  CommonSecurityDescriptor
 Represents a security descriptor. A security descriptor includes an owner, a primary group, a Discretionary Access Control List (DACL), and a System Access Control List (SACL).

class  CompoundAce
 Represents a compound Access Control Entry (ACE).

class  CryptoKeyAccessRule
 Represents an access rule for a cryptographic key. An access rule represents a combination of a user's identity, an access mask, and an access control type (allow or deny). An access rule object also contains information about how the rule is inherited by child objects and how that inheritance is propagated.

class  CryptoKeyAuditRule
 Represents an audit rule for a cryptographic key. An audit rule represents a combination of a user's identity and an access mask. An audit rule also contains information about how the rule is inherited by child objects, how that inheritance is propagated, and for what conditions it is audited.

class  CryptoKeySecurity
 Provides the ability to control access to a cryptographic key object without direct manipulation of an Access Control List (ACL).

class  CustomAce
 Represents an Access Control Entry (ACE) that is not defined by one of the members of the T:System.Security.AccessControl.AceType enumeration.

class  DirectoryObjectSecurity
 Provides the ability to control access to directory objects without direct manipulation of Access Control Lists (ACLs).

class  DirectorySecurity
 Represents the access control and audit security for a directory. This class cannot be inherited.

class  DiscretionaryAcl
 Represents a Discretionary Access Control List (DACL).

class  EventWaitHandleAccessRule
 Represents a set of access rights allowed or denied for a user or group. This class cannot be inherited.

class  EventWaitHandleAuditRule
 Represents a set of access rights to be audited for a user or group. This class cannot be inherited.

class  EventWaitHandleSecurity
 Represents the Windows access control security applied to a named system wait handle. This class cannot be inherited.

class  FileSecurity
 Represents the access control and audit security for a file. This class cannot be inherited.

class  FileSystemAccessRule
 Represents an abstraction of an access control entry (ACE) that defines an access rule for a file or directory. This class cannot be inherited.

class  FileSystemAuditRule
 Represents an abstraction of an access control entry (ACE) that defines an audit rule for a file or directory. This class cannot be inherited.

class  FileSystemSecurity
 Represents the access control and audit security for a file or directory.

class  GenericAce
 Represents an Access Control Entry (ACE), and is the base class for all other ACE classes.

class  GenericAcl
 Represents an access control list (ACL) and is the base class for the T:System.Security.AccessControl.CommonAcl, T:System.Security.AccessControl.DiscretionaryAcl, T:System.Security.AccessControl.RawAcl, and T:System.Security.AccessControl.SystemAcl classes.

class  GenericSecurityDescriptor
 Represents a security descriptor. A security descriptor includes an owner, a primary group, a Discretionary Access Control List (DACL), and a System Access Control List (SACL).

class  KnownAce
 Encapsulates all Access Control Entry (ACE) types currently defined by Microsoft Corporation. All T:System.Security.AccessControl.KnownAce objects contain a 32-bit access mask and a T:System.Security.Principal.SecurityIdentifier object.

class  MutexAccessRule
 Represents a set of access rights allowed or denied for a user or group. This class cannot be inherited.

class  MutexAuditRule
 Represents a set of access rights to be audited for a user or group. This class cannot be inherited.

class  MutexSecurity
 Represents the Windows access control security for a named mutex. This class cannot be inherited.

class  NativeObjectSecurity
 Provides the ability to control access to native objects without direct manipulation of Access Control Lists (ACLs). Native object types are defined by the T:System.Security.AccessControl.ResourceType enumeration.

class  ObjectAccessRule
 Represents a combination of a user's identity, an access mask, and an access control type (allow or deny). An T:System.Security.AccessControl.ObjectAccessRule object also contains information about the type of object to which the rule applies, the type of child object that can inherit the rule, how the rule is inherited by child objects, and how that inheritance is propagated.

class  ObjectAce
 Controls access to Directory Services objects. This class represents an Access Control Entry (ACE) associated with a directory object.

class  ObjectAuditRule
 Represents a combination of a user's identity, an access mask, and audit conditions. An T:System.Security.AccessControl.ObjectAuditRule object also contains information about the type of object to which the rule applies, the type of child object that can inherit the rule, how the rule is inherited by child objects, and how that inheritance is propagated.

class  ObjectSecurity
 Provides the ability to control access to objects without direct manipulation of Access Control Lists (ACLs). This class is the abstract base class for the T:System.Security.AccessControl.CommonObjectSecurity and T:System.Security.AccessControl.DirectoryObjectSecurity classes.

class  PrivilegeNotHeldException
 The exception that is thrown when a method in the N:System.Security.AccessControl namespace attempts to enable a privilege that it does not have.

class  QualifiedAce
 Represents an Access Control Entry (ACE) that contains a qualifier. The qualifier, represented by an T:System.Security.AccessControl.AceQualifier object, specifies whether the ACE allows access, denies access, causes system audits, or causes system alarms. The T:System.Security.AccessControl.QualifiedAce class is the abstract base class for the T:System.Security.AccessControl.CommonAce and T:System.Security.AccessControl.ObjectAce classes.

class  RawAcl
 Represents an Access Control List (ACL).

class  RawSecurityDescriptor
 Represents a security descriptor. A security descriptor includes an owner, a primary group, a Discretionary Access Control List (DACL), and a System Access Control List (SACL).

class  RegistryAccessRule
 Represents a set of access rights allowed or denied for a user or group. This class cannot be inherited.

class  RegistryAuditRule
 Represents a set of access rights to be audited for a user or group. This class cannot be inherited.

class  RegistrySecurity
 Represents the Windows access control security for a registry key. This class cannot be inherited.

class  SemaphoreAccessRule
 Represents a set of access rights allowed or denied for a user or group. This class cannot be inherited.

class  SemaphoreAuditRule
 Represents a set of access rights to be audited for a user or group. This class cannot be inherited.

class  SemaphoreSecurity
 Represents the Windows access control security for a named semaphore. This class cannot be inherited.

class  SystemAcl
 Represents a System Access Control List (SACL).
 

Enumerations

enum  AccessControlActions { AccessControlActions.None = 0x0, AccessControlActions.View = 0x1, AccessControlActions.Change = 0x2 }
 Specifies the actions that are permitted for securable objects.
 
enum  AccessControlModification {
  AccessControlModification.Add, AccessControlModification.Set, AccessControlModification.Reset, AccessControlModification.Remove,
  AccessControlModification.RemoveAll, AccessControlModification.RemoveSpecific
}
 Specifies the type of access control modification to perform. This enumeration is used by methods of the T:System.Security.AccessControl.ObjectSecurity class and its descendants.
 
enum  AccessControlSections {
  AccessControlSections.None = 0x0, AccessControlSections.Audit = 0x1, AccessControlSections.Access = 0x2, AccessControlSections.Owner = 0x4,
  AccessControlSections.Group = 0x8, AccessControlSections.All = 0xF
}
 Specifies which sections of a security descriptor to save or load.
 
enum  AccessControlType { AccessControlType.Allow, AccessControlType.Deny }
 Specifies whether an T:System.Security.AccessControl.AccessRule object is used to allow or deny access. These values are not flags, and they cannot be combined.
 
enum  AceFlags : byte {
  AceFlags.None = 0x0, AceFlags.ObjectInherit = 0x1, AceFlags.ContainerInherit = 0x2, AceFlags.NoPropagateInherit = 0x4,
  AceFlags.InheritOnly = 0x8, AceFlags.Inherited = 0x10, AceFlags.SuccessfulAccess = 0x40, AceFlags.FailedAccess = 0x80,
  AceFlags.InheritanceFlags = 0xF, AceFlags.AuditFlags = 0xC0
}
 Specifies the inheritance and auditing behavior of an access control entry (ACE).
 
enum  AceQualifier { AceQualifier.AccessAllowed, AceQualifier.AccessDenied, AceQualifier.SystemAudit, AceQualifier.SystemAlarm }
 Specifies the function of an access control entry (ACE).
 
enum  AceType : byte {
  AceType.AccessAllowed = 0, AceType.AccessDenied = 1, AceType.SystemAudit = 2, AceType.SystemAlarm = 3,
  AceType.AccessAllowedCompound = 4, AceType.AccessAllowedObject = 5, AceType.AccessDeniedObject = 6, AceType.SystemAuditObject = 7,
  AceType.SystemAlarmObject = 8, AceType.AccessAllowedCallback = 9, AceType.AccessDeniedCallback = 10, AceType.AccessAllowedCallbackObject = 11,
  AceType.AccessDeniedCallbackObject = 12, AceType.SystemAuditCallback = 13, AceType.SystemAlarmCallback = 14, AceType.SystemAuditCallbackObject = 0xF,
  AceType.SystemAlarmCallbackObject = 0x10, AceType.MaxDefinedAceType = 0x10
}
 Defines the available access control entry (ACE) types.
 
enum  AuditFlags { AuditFlags.None = 0x0, AuditFlags.Success = 0x1, AuditFlags.Failure = 0x2 }
 Specifies the conditions for auditing attempts to access a securable object.
 
enum  CompoundAceType { CompoundAceType.Impersonation = 1 }
 Specifies the type of a T:System.Security.AccessControl.CompoundAce object.
 
enum  ControlFlags {
  ControlFlags.None = 0x0, ControlFlags.OwnerDefaulted = 0x1, ControlFlags.GroupDefaulted = 0x2, ControlFlags.DiscretionaryAclPresent = 0x4,
  ControlFlags.DiscretionaryAclDefaulted = 0x8, ControlFlags.SystemAclPresent = 0x10, ControlFlags.SystemAclDefaulted = 0x20, ControlFlags.DiscretionaryAclUntrusted = 0x40,
  ControlFlags.ServerSecurity = 0x80, ControlFlags.DiscretionaryAclAutoInheritRequired = 0x100, ControlFlags.SystemAclAutoInheritRequired = 0x200, ControlFlags.DiscretionaryAclAutoInherited = 0x400,
  ControlFlags.SystemAclAutoInherited = 0x800, ControlFlags.DiscretionaryAclProtected = 0x1000, ControlFlags.SystemAclProtected = 0x2000, ControlFlags.RMControlValid = 0x4000,
  ControlFlags.SelfRelative = 0x8000
}
 These flags affect the security descriptor behavior.
 
enum  CryptoKeyRights {
  CryptoKeyRights.ReadData = 0x1, CryptoKeyRights.WriteData = 0x2, CryptoKeyRights.ReadExtendedAttributes = 0x8, CryptoKeyRights.WriteExtendedAttributes = 0x10,
  CryptoKeyRights.ReadAttributes = 0x80, CryptoKeyRights.WriteAttributes = 0x100, CryptoKeyRights.Delete = 0x10000, CryptoKeyRights.ReadPermissions = 0x20000,
  CryptoKeyRights.ChangePermissions = 0x40000, CryptoKeyRights.TakeOwnership = 0x80000, CryptoKeyRights.Synchronize = 0x100000, CryptoKeyRights.FullControl = 0x1F019B,
  CryptoKeyRights.GenericAll = 0x10000000, CryptoKeyRights.GenericExecute = 0x20000000, CryptoKeyRights.GenericWrite = 0x40000000, CryptoKeyRights.GenericRead = int.MinValue
}
 Specifies the cryptographic key operation for which an authorization rule controls access or auditing.
 
enum  EventWaitHandleRights {
  EventWaitHandleRights.Modify = 0x2, EventWaitHandleRights.Delete = 0x10000, EventWaitHandleRights.ReadPermissions = 0x20000, EventWaitHandleRights.ChangePermissions = 0x40000,
  EventWaitHandleRights.TakeOwnership = 0x80000, EventWaitHandleRights.Synchronize = 0x100000, EventWaitHandleRights.FullControl = 0x1F0003
}
 Specifies the access control rights that can be applied to named system event objects.
 
enum  FileSystemRights {
  FileSystemRights.ReadData = 0x1, FileSystemRights.ListDirectory = 0x1, FileSystemRights.WriteData = 0x2, FileSystemRights.CreateFiles = 0x2,
  FileSystemRights.AppendData = 0x4, FileSystemRights.CreateDirectories = 0x4, FileSystemRights.ReadExtendedAttributes = 0x8, FileSystemRights.WriteExtendedAttributes = 0x10,
  FileSystemRights.ExecuteFile = 0x20, FileSystemRights.Traverse = 0x20, FileSystemRights.DeleteSubdirectoriesAndFiles = 0x40, FileSystemRights.ReadAttributes = 0x80,
  FileSystemRights.WriteAttributes = 0x100, FileSystemRights.Delete = 0x10000, FileSystemRights.ReadPermissions = 0x20000, FileSystemRights.ChangePermissions = 0x40000,
  FileSystemRights.TakeOwnership = 0x80000, FileSystemRights.Synchronize = 0x100000, FileSystemRights.FullControl = 0x1F01FF, FileSystemRights.Read = 0x20089,
  FileSystemRights.ReadAndExecute = 0x200A9, FileSystemRights.Write = 0x116, FileSystemRights.Modify = 0x301BF
}
 Defines the access rights to use when creating access and audit rules.
 
enum  InheritanceFlags { InheritanceFlags.None = 0x0, InheritanceFlags.ContainerInherit = 0x1, InheritanceFlags.ObjectInherit = 0x2 }
 Inheritance flags specify the semantics of inheritance for access control entries (ACEs).
 
enum  MutexRights {
  MutexRights.Modify = 0x1, MutexRights.Delete = 0x10000, MutexRights.ReadPermissions = 0x20000, MutexRights.ChangePermissions = 0x40000,
  MutexRights.TakeOwnership = 0x80000, MutexRights.Synchronize = 0x100000, MutexRights.FullControl = 0x1F0001
}
 Specifies the access control rights that can be applied to named system mutex objects.
 
enum  ObjectAceFlags { ObjectAceFlags.None = 0x0, ObjectAceFlags.ObjectAceTypePresent = 0x1, ObjectAceFlags.InheritedObjectAceTypePresent = 0x2 }
 Specifies the presence of object types for Access Control Entries (ACEs).
 
enum  PropagationFlags { PropagationFlags.None = 0x0, PropagationFlags.NoPropagateInherit = 0x1, PropagationFlags.InheritOnly = 0x2 }
 Specifies how Access Control Entries (ACEs) are propagated to child objects. These flags are significant only if inheritance flags are present.
 
enum  RegistryRights {
  RegistryRights.QueryValues = 0x1, RegistryRights.SetValue = 0x2, RegistryRights.CreateSubKey = 0x4, RegistryRights.EnumerateSubKeys = 0x8,
  RegistryRights.Notify = 0x10, RegistryRights.CreateLink = 0x20, RegistryRights.ExecuteKey = 0x20019, RegistryRights.ReadKey = 0x20019,
  RegistryRights.WriteKey = 0x20006, RegistryRights.Delete = 0x10000, RegistryRights.ReadPermissions = 0x20000, RegistryRights.ChangePermissions = 0x40000,
  RegistryRights.TakeOwnership = 0x80000, RegistryRights.FullControl = 0xF003F
}
 Specifies the access control rights that can be applied to registry objects.
 
enum  ResourceType {
  ResourceType.Unknown, ResourceType.FileObject, ResourceType.Service, ResourceType.Printer,
  ResourceType.RegistryKey, ResourceType.LMShare, ResourceType.KernelObject, ResourceType.WindowObject,
  ResourceType.DSObject, ResourceType.DSObjectAll, ResourceType.ProviderDefined, ResourceType.WmiGuidObject,
  ResourceType.RegistryWow6432Key
}
 Specifies the defined native object types.
 
enum  SecurityInfos { SecurityInfos.Owner = 0x1, SecurityInfos.Group = 0x2, SecurityInfos.DiscretionaryAcl = 0x4, SecurityInfos.SystemAcl = 0x8 }
 Specifies the section of a security descriptor to be queried or set.
 
enum  SemaphoreRights {
  SemaphoreRights.Modify = 0x2, SemaphoreRights.Delete = 0x10000, SemaphoreRights.ReadPermissions = 0x20000, SemaphoreRights.ChangePermissions = 0x40000,
  SemaphoreRights.TakeOwnership = 0x80000, SemaphoreRights.Synchronize = 0x100000, SemaphoreRights.FullControl = 0x1F0003
}
 Specifies the access control rights that can be applied to named system semaphore objects.
 

Enumeration Type Documentation

◆ AccessControlActions

Specifies the actions that are permitted for securable objects.

Enumerator
None 

Specifies no access.

View 

Specifies read-only access.

Change 

Specifies write-only access.

Definition at line 5 of file AccessControlActions.cs.

◆ AccessControlModification

Specifies the type of access control modification to perform. This enumeration is used by methods of the T:System.Security.AccessControl.ObjectSecurity class and its descendants.

Enumerator
Add 

Add the specified authorization rule to the access control list (ACL).

Set 

Remove all authorization rules from the ACL, then add the specified authorization rule to the ACL.

Reset 

Remove authorization rules that contain the same SID as the specified authorization rule from the ACL, and then add the specified authorization rule to the ACL.

Remove 

Remove authorization rules that contain the same security identifier (SID) and access mask as the specified authorization rule from the ACL.

RemoveAll 

Remove authorization rules that contain the same SID as the specified authorization rule from the ACL.

RemoveSpecific 

Remove authorization rules that exactly match the specified authorization rule from the ACL.

Definition at line 4 of file AccessControlModification.cs.

◆ AccessControlSections

Specifies which sections of a security descriptor to save or load.

Enumerator
None 

No sections.

Audit 

The system access control list (SACL).

Access 

The discretionary access control list (DACL).

Owner 

The owner.

Group 

The primary group.

All 

The entire security descriptor.

Definition at line 5 of file AccessControlSections.cs.

◆ AccessControlType

Specifies whether an T:System.Security.AccessControl.AccessRule object is used to allow or deny access. These values are not flags, and they cannot be combined.

Enumerator
Allow 

The T:System.Security.AccessControl.AccessRule object is used to allow access to a secured object.

Deny 

The T:System.Security.AccessControl.AccessRule object is used to deny access to a secured object.

Definition at line 4 of file AccessControlType.cs.

◆ AceFlags

Specifies the inheritance and auditing behavior of an access control entry (ACE).

Enumerator
None 

No ACE flags are set.

ObjectInherit 

The access mask is propagated onto child leaf objects.

ContainerInherit 

The access mask is propagated to child container objects.

NoPropagateInherit 

The access checks do not apply to the object; they only apply to its children.

InheritOnly 

The access mask is propagated only to child objects. This includes both container and leaf child objects.

Inherited 

An ACE is inherited from a parent container rather than being explicitly set for an object.

SuccessfulAccess 

Successful access attempts are audited.

FailedAccess 

Failed access attempts are audited.

InheritanceFlags 

A logical OR of F:System.Security.AccessControl.AceFlags.ObjectInherit, F:System.Security.AccessControl.AceFlags.ContainerInherit, F:System.Security.AccessControl.AceFlags.NoPropagateInherit, and F:System.Security.AccessControl.AceFlags.InheritOnly.

AuditFlags 

All access attempts are audited.

Definition at line 5 of file AceFlags.cs.
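
The AceFlags bit values do not line up with the InheritanceFlags, PropagationFlags and AuditFlags values listed under Enumerations: AceFlags.ObjectInherit is 0x1 while InheritanceFlags.ObjectInherit is 0x2, and the propagation and audit bits sit at different positions, so a numeric cast between them silently changes which child objects an ACE reaches. The following is an added example, not code from the documented assembly; the AceFlagsConverter class, its members and the sample flag bytes are constructed for illustration.

```csharp
using System;
using System.Security.AccessControl;

// Added example (hypothetical helper, not part of mscorlib): converts between the
// raw AceFlags byte and the managed InheritanceFlags / PropagationFlags / AuditFlags.
public static class AceFlagsConverter
{
    // 0x20 has no name in the AceFlags table on this page; report it instead of dropping it.
    private const byte UndefinedMask = 0x20;

    public sealed class Decoded
    {
        public InheritanceFlags Inheritance;
        public PropagationFlags Propagation;
        public AuditFlags Audit;
        public bool IsInherited;
        public byte UndefinedBits;
    }

    public static Decoded Decode(AceFlags raw)
    {
        var d = new Decoded();
        // Map by name, never by numeric cast: the two inherit bits are swapped
        // between AceFlags (Object=0x1, Container=0x2) and InheritanceFlags
        // (Container=0x1, Object=0x2).
        if ((raw & AceFlags.ObjectInherit) != 0) d.Inheritance |= InheritanceFlags.ObjectInherit;
        if ((raw & AceFlags.ContainerInherit) != 0) d.Inheritance |= InheritanceFlags.ContainerInherit;
        // Propagation bits live at 0x4/0x8 in AceFlags but at 0x1/0x2 in PropagationFlags.
        if ((raw & AceFlags.NoPropagateInherit) != 0) d.Propagation |= PropagationFlags.NoPropagateInherit;
        if ((raw & AceFlags.InheritOnly) != 0) d.Propagation |= PropagationFlags.InheritOnly;
        // Audit bits live at 0x40/0x80 in AceFlags but at 0x1/0x2 in AuditFlags.
        if ((raw & AceFlags.SuccessfulAccess) != 0) d.Audit |= AuditFlags.Success;
        if ((raw & AceFlags.FailedAccess) != 0) d.Audit |= AuditFlags.Failure;
        d.IsInherited = (raw & AceFlags.Inherited) != 0;
        d.UndefinedBits = (byte)((byte)raw & UndefinedMask);
        return d;
    }

    // Builds the flags byte for an explicit ACE. AceFlags.Inherited marks an ACE that
    // came from a parent container, so it is deliberately not an input here.
    public static AceFlags Encode(InheritanceFlags inheritance, PropagationFlags propagation, AuditFlags audit)
    {
        AceFlags raw = AceFlags.None;
        if ((inheritance & InheritanceFlags.ObjectInherit) != 0) raw |= AceFlags.ObjectInherit;
        if ((inheritance & InheritanceFlags.ContainerInherit) != 0) raw |= AceFlags.ContainerInherit;

        // Propagation flags are significant only if inheritance flags are present,
        // so they are encoded only when at least one inherit bit was set above.
        if (raw != AceFlags.None)
        {
            if ((propagation & PropagationFlags.NoPropagateInherit) != 0) raw |= AceFlags.NoPropagateInherit;
            if ((propagation & PropagationFlags.InheritOnly) != 0) raw |= AceFlags.InheritOnly;
        }

        if ((audit & AuditFlags.Success) != 0) raw |= AceFlags.SuccessfulAccess;
        if ((audit & AuditFlags.Failure) != 0) raw |= AceFlags.FailedAccess;
        return raw;
    }

    public static void Main()
    {
        // Constructed sample flag bytes, not read from a real object.
        byte[] samples = { 0x01, 0x0B, 0x12, 0xC2, 0x23 };
        foreach (byte b in samples)
        {
            Decoded d = Decode((AceFlags)b);
            // What a direct cast of the low two bits would claim (shown to expose the swap).
            var naive = (InheritanceFlags)(b & 0x03);
            Console.WriteLine(
                "0x{0:X2}: inherit={1} (naive cast={2}) propagate={3} audit={4} inherited={5} undefined=0x{6:X2}",
                b, d.Inheritance, naive, d.Propagation, d.Audit, d.IsInherited, d.UndefinedBits);

            // Re-encoding reproduces the input except for Inherited and undefined bits.
            AceFlags back = Encode(d.Inheritance, d.Propagation, d.Audit);
            Console.WriteLine("      re-encoded explicit ACE flags: 0x{0:X2}", (byte)back);
        }
    }
}
```

When reviewing ACLs, treat a non-zero undefined value or a propagation bit without any inherit bit as a sign that the flags byte was built by hand rather than through the managed rule classes.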

◆ AceQualifier

Specifies the function of an access control entry (ACE).

Enumerator
AccessAllowed 

Allow access.

AccessDenied 

Deny access.

SystemAudit 

Cause a system audit.

SystemAlarm 

Cause a system alarm.

Definition at line 4 of file AceQualifier.cs.

◆ AceType

Defines the available access control entry (ACE) types.

Enumerator
AccessAllowed 

Allows access to an object for a specific trustee identified by an T:System.Security.Principal.IdentityReference object.

AccessDenied 

Denies access to an object for a specific trustee identified by an T:System.Security.Principal.IdentityReference object.

SystemAudit 

Causes an audit message to be logged when a specified trustee attempts to gain access to an object. The trustee is identified by an T:System.Security.Principal.IdentityReference object.

SystemAlarm 

Reserved for future use.

AccessAllowedCompound 

Defined but never used. Included here for completeness.

AccessAllowedObject 

Allows access to an object, property set, or property. The ACE contains a set of access rights, a GUID that identifies the type of object, and an T:System.Security.Principal.IdentityReference object that identifies the trustee to whom the system will grant access. The ACE also contains a GUID and a set of flags that control inheritance of the ACE by child objects.

AccessDeniedObject 

Denies access to an object, property set, or property. The ACE contains a set of access rights, a GUID that identifies the type of object, and an T:System.Security.Principal.IdentityReference object that identifies the trustee to whom the system will grant access. The ACE also contains a GUID and a set of flags that control inheritance of the ACE by child objects.

SystemAuditObject 

Causes an audit message to be logged when a specified trustee attempts to gain access to an object or subobjects such as property sets or properties. The ACE contains a set of access rights, a GUID that identifies the type of object or subobject, and an T:System.Security.Principal.IdentityReference object that identifies the trustee for whom the system will audit access. The ACE also contains a GUID and a set of flags that control inheritance of the ACE by child objects.

SystemAlarmObject 

Reserved for future use.

AccessAllowedCallback 

Allows access to an object for a specific trustee identified by an T:System.Security.Principal.IdentityReference object. This ACE type may contain optional callback data. The callback data is a resource manager–specific BLOB that is not interpreted.

AccessDeniedCallback 

Denies access to an object for a specific trustee identified by an T:System.Security.Principal.IdentityReference object. This ACE type can contain optional callback data. The callback data is a resource manager–specific BLOB that is not interpreted.

AccessAllowedCallbackObject 

Allows access to an object, property set, or property. The ACE contains a set of access rights, a GUID that identifies the type of object, and an T:System.Security.Principal.IdentityReference object that identifies the trustee to whom the system will grant access. The ACE also contains a GUID and a set of flags that control inheritance of the ACE by child objects. This ACE type may contain optional callback data. The callback data is a resource manager–specific BLOB that is not interpreted.

AccessDeniedCallbackObject 

Denies access to an object, property set, or property. The ACE contains a set of access rights, a GUID that identifies the type of object, and an T:System.Security.Principal.IdentityReference object that identifies the trustee to whom the system will grant access. The ACE also contains a GUID and a set of flags that control inheritance of the ACE by child objects. This ACE type can contain optional callback data. The callback data is a resource manager–specific BLOB that is not interpreted.

SystemAuditCallback 

Causes an audit message to be logged when a specified trustee attempts to gain access to an object. The trustee is identified by an T:System.Security.Principal.IdentityReference object. This ACE type can contain optional callback data. The callback data is a resource manager–specific BLOB that is not interpreted.

SystemAlarmCallback 

Reserved for future use.

SystemAuditCallbackObject 

Causes an audit message to be logged when a specified trustee attempts to gain access to an object or subobjects such as property sets or properties. The ACE contains a set of access rights, a GUID that identifies the type of object or subobject, and an T:System.Security.Principal.IdentityReference object that identifies the trustee for whom the system will audit access. The ACE also contains a GUID and a set of flags that control inheritance of the ACE by child objects. This ACE type can contain optional callback data. The callback data is a resource manager–specific BLOB that is not interpreted.

SystemAlarmCallbackObject 

Reserved for future use.

MaxDefinedAceType 

Tracks the maximum defined ACE type in the enumeration.

Definition at line 4 of file AceType.cs.

◆ AuditFlags

Specifies the conditions for auditing attempts to access a securable object.

Enumerator
None 

No access attempts are to be audited.

Success 

Successful access attempts are to be audited.

Failure 

Failed access attempts are to be audited.

Definition at line 5 of file AuditFlags.cs.

◆ CompoundAceType

Specifies the type of a T:System.Security.AccessControl.CompoundAce object.

Enumerator
Impersonation 

The T:System.Security.AccessControl.CompoundAce object is used for impersonation.

Definition at line 4 of file CompoundAceType.cs.

◆ ControlFlags

These flags affect the security descriptor behavior.

Enumerator
None 

No control flags.

OwnerDefaulted 

Specifies that the owner T:System.Security.Principal.SecurityIdentifier was obtained by a defaulting mechanism. Set by resource managers only; should not be set by callers.

GroupDefaulted 

Specifies that the group T:System.Security.Principal.SecurityIdentifier was obtained by a defaulting mechanism. Set by resource managers only; should not be set by callers.

DiscretionaryAclPresent 

Specifies that the DACL is not null. Set by resource managers or users.

DiscretionaryAclDefaulted 

Specifies that the DACL was obtained by a defaulting mechanism. Set by resource managers only.

SystemAclPresent 

Specifies that the SACL is not null. Set by resource managers or users.

SystemAclDefaulted 

Specifies that the SACL was obtained by a defaulting mechanism. Set by resource managers only.

DiscretionaryAclUntrusted 

Ignored.

ServerSecurity 

Ignored.

DiscretionaryAclAutoInheritRequired 

Ignored.

SystemAclAutoInheritRequired 

Ignored.

DiscretionaryAclAutoInherited 

Specifies that the Discretionary Access Control List (DACL) has been automatically inherited from the parent. Set by resource managers only.

SystemAclAutoInherited 

Specifies that the System Access Control List (SACL) has been automatically inherited from the parent. Set by resource managers only.

DiscretionaryAclProtected 

Specifies that the resource manager prevents auto-inheritance. Set by resource managers or users.

SystemAclProtected 

Specifies that the resource manager prevents auto-inheritance. Set by resource managers or users.

RMControlValid 

Specifies that the contents of the Reserved field are valid.

SelfRelative 

Specifies that the security descriptor binary representation is in the self-relative format. This flag is always set.

Definition at line 5 of file ControlFlags.cs.

◆ CryptoKeyRights

Specifies the cryptographic key operation for which an authorization rule controls access or auditing.

Enumerator
ReadData 

Read the key data.

WriteData 

Write key data.

ReadExtendedAttributes 

Read extended attributes of the key.

WriteExtendedAttributes 

Write extended attributes of the key.

ReadAttributes 

Read attributes of the key.

WriteAttributes 

Write attributes of the key.

Delete 

Delete the key.

ReadPermissions 

Read permissions for the key.

ChangePermissions 

Change permissions for the key.

TakeOwnership 

Take ownership of the key.

Synchronize 

Use the key for synchronization.

FullControl 

Full control of the key.

GenericAll 

A combination of F:System.Security.AccessControl.CryptoKeyRights.GenericRead and F:System.Security.AccessControl.CryptoKeyRights.GenericWrite.

GenericExecute 

Not used.

GenericWrite 

Write the key data, extended attributes of the key, attributes of the key, and permissions for the key.

GenericRead 

Read the key data, extended attributes of the key, attributes of the key, and permissions for the key.

Definition at line 5 of file CryptoKeyRights.cs.

◆ EventWaitHandleRights

Specifies the access control rights that can be applied to named system event objects.

Enumerator
Modify 

The right to set or reset the signaled state of a named event.

Delete 

The right to delete a named event.

ReadPermissions 

The right to open and copy the access rules and audit rules for a named event.

ChangePermissions 

The right to change the security and audit rules associated with a named event.

TakeOwnership 

The right to change the owner of a named event.

Synchronize 

The right to wait on a named event.

FullControl 

The right to exert full control over a named event, and to modify its access rules and audit rules.

Definition at line 5 of file EventWaitHandleRights.cs.

◆ FileSystemRights

Defines the access rights to use when creating access and audit rules.

Enumerator
ReadData 

Specifies the right to open and copy a file or folder. This does not include the right to read file system attributes, extended file system attributes, or access and audit rules.

ListDirectory 

Specifies the right to read the contents of a directory.

WriteData 

Specifies the right to open and write to a file or folder. This does not include the right to open and write file system attributes, extended file system attributes, or access and audit rules.

CreateFiles 

Specifies the right to create a file.

AppendData 

Specifies the right to append data to the end of a file.

CreateDirectories 

Specifies the right to create a folder.

ReadExtendedAttributes 

Specifies the right to open and copy extended file system attributes from a folder or file. For example, this value specifies the right to view author and content information. This does not include the right to read data, file system attributes, or access and audit rules.

WriteExtendedAttributes 

Specifies the right to open and write extended file system attributes to a folder or file. This does not include the ability to write data, attributes, or access and audit rules.

ExecuteFile 

Specifies the right to run an application file.

Traverse 

Specifies the right to list the contents of a folder and to run applications contained within that folder.

DeleteSubdirectoriesAndFiles 

Specifies the right to delete a folder and any files contained within that folder.

ReadAttributes 

Specifies the right to open and copy file system attributes from a folder or file. For example, this value specifies the right to view the file creation or modified date. This does not include the right to read data, extended file system attributes, or access and audit rules.

WriteAttributes 

Specifies the right to open and write file system attributes to a folder or file. This does not include the ability to write data, extended attributes, or access and audit rules.

Delete 

Specifies the right to delete a folder or file.

ReadPermissions 

Specifies the right to open and copy access and audit rules from a folder or file. This does not include the right to read data, file system attributes, and extended file system attributes.

ChangePermissions 

Specifies the right to change the security and audit rules associated with a file or folder.

TakeOwnership 

Specifies the right to change the owner of a folder or file. Note that owners of a resource have full access to that resource.

Synchronize 

Specifies whether the application can wait for a file handle to synchronize with the completion of an I/O operation.

FullControl 

Specifies the right to exert full control over a folder or file, and to modify access control and audit rules. This value represents the right to do anything with a file and is the combination of all rights in this enumeration.

Read 

Specifies the right to open and copy folders or files as read-only. This right includes the System.Security.AccessControl.FileSystemRights.ReadData right, System.Security.AccessControl.FileSystemRights.ReadExtendedAttributes right, System.Security.AccessControl.FileSystemRights.ReadAttributes right, and System.Security.AccessControl.FileSystemRights.ReadPermissions right.

ReadAndExecute 

Specifies the right to open and copy folders or files as read-only, and to run application files. This right includes the System.Security.AccessControl.FileSystemRights.Read right and the System.Security.AccessControl.FileSystemRights.ExecuteFile right.

Write 

Specifies the right to create folders and files, and to add or remove data from files. This right includes the System.Security.AccessControl.FileSystemRights.WriteData right, System.Security.AccessControl.FileSystemRights.AppendData right, System.Security.AccessControl.FileSystemRights.WriteExtendedAttributes right, and System.Security.AccessControl.FileSystemRights.WriteAttributes right.

Modify 

Specifies the right to read, write, list folder contents, delete folders and files, and run application files. This right includes the System.Security.AccessControl.FileSystemRights.ReadAndExecute right, the System.Security.AccessControl.FileSystemRights.Write right, and the System.Security.AccessControl.FileSystemRights.Delete right.

Definition at line 5 of file FileSystemRights.cs.

◆ InheritanceFlags

Inheritance flags specify the semantics of inheritance for access control entries (ACEs).

Enumerator
None 

The ACE is not inherited by child objects.

ContainerInherit 

The ACE is inherited by child container objects.

ObjectInherit 

The ACE is inherited by child leaf objects.

Definition at line 5 of file InheritanceFlags.cs.

◆ MutexRights

Specifies the access control rights that can be applied to named system mutex objects.

Enumerator
Modify 

The right to release a named mutex.

Delete 

The right to delete a named mutex.

ReadPermissions 

The right to open and copy the access rules and audit rules for a named mutex.

ChangePermissions 

The right to change the security and audit rules associated with a named mutex.

TakeOwnership 

The right to change the owner of a named mutex.

Synchronize 

The right to wait on a named mutex.

FullControl 

The right to exert full control over a named mutex, and to modify its access rules and audit rules.

Definition at line 5 of file MutexRights.cs.

◆ ObjectAceFlags

Specifies the presence of object types for Access Control Entries (ACEs).

Enumerator
None 

No object types are present.

ObjectAceTypePresent 

The type of object that is associated with the ACE is present.

InheritedObjectAceTypePresent 

The type of object that can inherit the ACE is present.

Definition at line 5 of file ObjectAceFlags.cs.

◆ PropagationFlags

Specifies how Access Control Entries (ACEs) are propagated to child objects. These flags are significant only if inheritance flags are present.

Enumerator
None 

Specifies that no inheritance flags are set.

NoPropagateInherit 

Specifies that the ACE is not propagated to child objects.

InheritOnly 

Specifies that the ACE is propagated only to child objects. This includes both container and leaf child objects.

Definition at line 5 of file PropagationFlags.cs.
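
FileSystemRights, InheritanceFlags and PropagationFlags meet in a single access rule: the first says what is granted, the second which kinds of child object receive it, and the third whether it also applies to the folder itself. The C# program below is an added example, not code from this reference or from mscorlib; it builds a constructed in-memory DACL and reports, for each allow rule that carries write-class rights, where that grant takes effect. The class name `DaclAudit`, the `Risky` mask and the three sample rules are assumptions chosen for illustration.

```csharp
using System;
using System.Security.AccessControl;
using System.Security.Principal;

static class DaclAudit   // hypothetical name, not part of the framework
{
    // Assumed "write-class" mask: rights that change content, delete it, or change the descriptor.
    const FileSystemRights Risky =
        FileSystemRights.WriteData | FileSystemRights.AppendData | FileSystemRights.Delete |
        FileSystemRights.DeleteSubdirectoriesAndFiles |
        FileSystemRights.ChangePermissions | FileSystemRights.TakeOwnership;

    // Describes where a rule on a folder takes effect, from its inheritance and propagation flags.
    static string Scope(FileSystemAccessRule r)
    {
        bool dirs = (r.InheritanceFlags & InheritanceFlags.ContainerInherit) != 0;
        bool files = (r.InheritanceFlags & InheritanceFlags.ObjectInherit) != 0;
        // Propagation flags are significant only if inheritance flags are present.
        if (!dirs && !files) return "this folder only";
        bool onSelf = (r.PropagationFlags & PropagationFlags.InheritOnly) == 0;
        bool oneLevel = (r.PropagationFlags & PropagationFlags.NoPropagateInherit) != 0;
        string kids = dirs && files ? "subfolders and files" : dirs ? "subfolders" : "files";
        return (onSelf ? "this folder, " : "") + kids + (oneLevel ? " (direct children only)" : " (all descendants)");
    }

    static void Main()
    {
        // Constructed sample DACL, built in memory; nothing on disk is read or modified.
        var sd = new DirectorySecurity();
        Action<WellKnownSidType, FileSystemRights, InheritanceFlags, PropagationFlags> allow =
            (who, rights, inh, prop) => sd.AddAccessRule(new FileSystemAccessRule(
                new SecurityIdentifier(who, null), rights, inh, prop, AccessControlType.Allow));
        var both = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;
        allow(WellKnownSidType.BuiltinUsersSid, FileSystemRights.ReadAndExecute, both, PropagationFlags.None);
        allow(WellKnownSidType.AuthenticatedUserSid, FileSystemRights.Modify,
              InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly);
        allow(WellKnownSidType.WorldSid, FileSystemRights.Write, InheritanceFlags.None, PropagationFlags.None);

        foreach (FileSystemAccessRule r in sd.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            if (r.AccessControlType != AccessControlType.Allow) continue;
            FileSystemRights hit = r.FileSystemRights & Risky;   // composite rights expand to their members
            if (hit == 0) continue;                              // read-only grants are not reported
            Console.WriteLine("{0}: {1} -> risky [{2}] on {3}",
                r.IdentityReference.Value, r.FileSystemRights, hit, Scope(r));
        }
    }
}
```

To audit a real folder, replace the constructed descriptor with the one returned by `new DirectoryInfo(path).GetAccessControl()`; the loop and `Scope` are unchanged.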

◆ RegistryRights

Specifies the access control rights that can be applied to registry objects.

Enumerator
QueryValues 

The right to query the name/value pairs in a registry key.

SetValue 

The right to create, delete, or set name/value pairs in a registry key.

CreateSubKey 

The right to create subkeys of a registry key.

EnumerateSubKeys 

The right to list the subkeys of a registry key.

Notify 

The right to request notification of changes on a registry key.

CreateLink 

Reserved for system use.

ExecuteKey 

Same as System.Security.AccessControl.RegistryRights.ReadKey.

ReadKey 

The right to query the name/value pairs in a registry key, to request notification of changes, to enumerate its subkeys, and to read its access rules and audit rules.

WriteKey 

The right to create, delete, and set the name/value pairs in a registry key, to create or delete subkeys, to request notification of changes, to enumerate its subkeys, and to read its access rules and audit rules.

Delete 

The right to delete a registry key.

ReadPermissions 

The right to open and copy the access rules and audit rules for a registry key.

ChangePermissions 

The right to change the access rules and audit rules associated with a registry key.

TakeOwnership 

The right to change the owner of a registry key.

FullControl 

The right to exert full control over a registry key, and to modify its access rules and audit rules.

Definition at line 5 of file RegistryRights.cs.

◆ ResourceType

Specifies the defined native object types.

Enumerator
Unknown 

An unknown object type.

FileObject 

A file or directory.

Service 

A Windows service.

Printer 

A printer.

RegistryKey 

A registry key.

LMShare 

A network share.

KernelObject 

A local kernel object.

WindowObject 

A window station or desktop object on the local computer.

DSObject 

A directory service (DS) object or a property set or property of a directory service object.

DSObjectAll 

A directory service object and all of its property sets and properties.

ProviderDefined 

An object defined by a provider.

WmiGuidObject 

A Windows Management Instrumentation (WMI) object.

RegistryWow6432Key 

An object for a registry entry under WOW64.

Definition at line 4 of file ResourceType.cs.

◆ SecurityInfos

Specifies the section of a security descriptor to be queried or set.

Enumerator
Owner 

Specifies the owner identifier.

Group 

Specifies the primary group identifier.

DiscretionaryAcl 

Specifies the discretionary access control list (DACL).

SystemAcl 

Specifies the system access control list (SACL).

Definition at line 5 of file SecurityInfos.cs.

◆ SemaphoreRights

Specifies the access control rights that can be applied to named system semaphore objects.

Enumerator
Modify 

The right to release a named semaphore.

Delete 

The right to delete a named semaphore.

ReadPermissions 

The right to open and copy the access rules and audit rules for a named semaphore.

ChangePermissions 

The right to change the security and audit rules associated with a named semaphore.

TakeOwnership 

The right to change the owner of a named semaphore.

Synchronize 

The right to wait on a named semaphore.

FullControl 

The right to exert full control over a named semaphore, and to modify its access rules and audit rules.

Definition at line 8 of file SemaphoreRights.cs.