-
Notifications
You must be signed in to change notification settings - Fork 1.6k
/
Copy pathRegistryAccessRule.xml
479 lines (407 loc) · 39.8 KB
/
RegistryAccessRule.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
<Type Name="RegistryAccessRule" FullName="System.Security.AccessControl.RegistryAccessRule">
<TypeSignature Language="C#" Value="public sealed class RegistryAccessRule : System.Security.AccessControl.AccessRule" />
<TypeSignature Language="ILAsm" Value=".class public auto ansi sealed beforefieldinit RegistryAccessRule extends System.Security.AccessControl.AccessRule" />
<TypeSignature Language="DocId" Value="T:System.Security.AccessControl.RegistryAccessRule" />
<TypeSignature Language="VB.NET" Value="Public NotInheritable Class RegistryAccessRule
Inherits AccessRule" />
<TypeSignature Language="F#" Value="type RegistryAccessRule = class
 inherit AccessRule" />
<TypeSignature Language="C++ CLI" Value="public ref class RegistryAccessRule sealed : System::Security::AccessControl::AccessRule" />
<AssemblyInfo>
<AssemblyName>Microsoft.Win32.Registry.AccessControl</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<AssemblyInfo>
<AssemblyName>mscorlib</AssemblyName>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>2.0.5.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<AssemblyInfo>
<AssemblyName>Microsoft.Win32.Registry</AssemblyName>
<AssemblyVersion>4.1.1.0</AssemblyVersion>
<AssemblyVersion>4.1.2.0</AssemblyVersion>
<AssemblyVersion>4.1.3.0</AssemblyVersion>
<AssemblyVersion>5.0.0.0</AssemblyVersion>
<AssemblyVersion>6.0.0.0</AssemblyVersion>
<AssemblyVersion>7.0.0.0</AssemblyVersion>
<AssemblyVersion>8.0.0.0</AssemblyVersion>
<AssemblyVersion>9.0.0.0</AssemblyVersion>
</AssemblyInfo>
<TypeForwardingChain>
<TypeForwarding From="Microsoft.Win32.Registry.AccessControl" FromVersion="9.0.0.0" To="Microsoft.Win32.Registry" ToVersion="8.0.0.0" FrameworkAlternate="net-8.0-pp" />
<TypeForwarding From="Microsoft.Win32.Registry.AccessControl" FromVersion="9.0.0.0" To="Microsoft.Win32.Registry" ToVersion="9.0.0.0" FrameworkAlternate="net-9.0-pp;windowsdesktop-9.0" />
<TypeForwarding From="Microsoft.Win32.Registry.AccessControl" FromVersion="9.0.0.0" To="Microsoft.Win32.Registry" ToVersion="5.0.0.0" FrameworkAlternate="netframework-4.7.1-pp;netframework-4.7.2-pp;netframework-4.7-pp;netframework-4.8.1-pp;netframework-4.8-pp;netstandard-2.0-pp" />
<TypeForwarding From="Microsoft.Win32.Registry.AccessControl" FromVersion="4.0.4.0" To="Microsoft.Win32.Registry" ToVersion="4.1.2.0" FrameworkAlternate="windowsdesktop-3.0" />
<TypeForwarding From="Microsoft.Win32.Registry.AccessControl" FromVersion="4.0.5.0" To="Microsoft.Win32.Registry" ToVersion="4.1.3.0" FrameworkAlternate="windowsdesktop-3.1" />
<TypeForwarding From="Microsoft.Win32.Registry.AccessControl" FromVersion="5.0.0.0" To="Microsoft.Win32.Registry" ToVersion="5.0.0.0" FrameworkAlternate="windowsdesktop-5.0" />
<TypeForwarding From="Microsoft.Win32.Registry.AccessControl" FromVersion="6.0.0.0" To="Microsoft.Win32.Registry" ToVersion="6.0.0.0" FrameworkAlternate="windowsdesktop-6.0" />
<TypeForwarding From="Microsoft.Win32.Registry.AccessControl" FromVersion="7.0.0.0" To="Microsoft.Win32.Registry" ToVersion="7.0.0.0" FrameworkAlternate="windowsdesktop-7.0" />
<TypeForwarding From="Microsoft.Win32.Registry.AccessControl" FromVersion="8.0.0.0" To="Microsoft.Win32.Registry" ToVersion="8.0.0.0" FrameworkAlternate="windowsdesktop-8.0" />
</TypeForwardingChain>
<Base>
<BaseTypeName>System.Security.AccessControl.AccessRule</BaseTypeName>
</Base>
<Interfaces />
<Attributes>
<Attribute FrameworkAlternate="net-8.0;net-8.0-pp;net-9.0;net-9.0-pp;windowsdesktop-8.0;windowsdesktop-9.0">
<AttributeName Language="C#">[System.Runtime.CompilerServices.Nullable(0)]</AttributeName>
<AttributeName Language="F#">[<System.Runtime.CompilerServices.Nullable(0)>]</AttributeName>
</Attribute>
<Attribute FrameworkAlternate="netcore-1.0;netcore-1.1">
<AttributeName Language="C#">[System.Security.SecurityCritical]</AttributeName>
<AttributeName Language="F#">[<System.Security.SecurityCritical>]</AttributeName>
</Attribute>
</Attributes>
<Docs>
<summary>Represents a set of access rights allowed or denied for a user or group. This class cannot be inherited.</summary>
<remarks>
<format type="text/markdown"><![CDATA[
## Remarks
The <xref:System.Security.AccessControl.RegistryAccessRule> class is one of a set of classes that the .NET Framework provides for managing Windows access control security on registry keys. For an overview of these classes, and their relationship to the underlying Windows access control structures, see <xref:System.Security.AccessControl.RegistrySecurity>.
> [!NOTE]
> Windows access control security can only be applied to registry keys. It cannot be applied to individual key/value pairs stored in a key.
To get a list of the rules currently applied to a registry key, use the <xref:Microsoft.Win32.RegistryKey.GetAccessControl%2A?displayProperty=nameWithType> method to get a <xref:System.Security.AccessControl.RegistrySecurity> object, and then use its <xref:System.Security.AccessControl.CommonObjectSecurity.GetAccessRules%2A> method to obtain a collection of <xref:System.Security.AccessControl.RegistryAccessRule> objects.
<xref:System.Security.AccessControl.RegistryAccessRule> objects do not map one-to-one with access control entries in the underlying discretionary control access list (DACL). When you get the set of all access rules for a registry key, the set contains the minimum number of rules currently required to express all the access control entries.
> [!NOTE]
> The underlying access control entries change as you apply and remove rules. The information in rules is merged if possible, to maintain the smallest number of access control entries. Thus, when you read the current list of rules, it might not look exactly like the list of all the rules you have added.
Use <xref:System.Security.AccessControl.RegistryAccessRule> objects to specify access rights to allow or deny to a user or group. A <xref:System.Security.AccessControl.RegistryAccessRule> object always represents either allowed access or denied access, never both.
To apply a rule to a registry key, use the <xref:Microsoft.Win32.RegistryKey.GetAccessControl%2A?displayProperty=nameWithType> method to get the <xref:System.Security.AccessControl.RegistrySecurity> object. Modify the <xref:System.Security.AccessControl.RegistrySecurity> object by using its methods to add the rule, and then use the <xref:Microsoft.Win32.RegistryKey.SetAccessControl%2A?displayProperty=nameWithType> method to reattach the security object.
> [!IMPORTANT]
> Changes you make to a <xref:System.Security.AccessControl.RegistrySecurity> object do not affect the access levels of the registry key until you call the <xref:Microsoft.Win32.RegistryKey.SetAccessControl%2A?displayProperty=nameWithType> method to assign the altered security object to the registry key.
<xref:System.Security.AccessControl.RegistryAccessRule> objects are immutable. Security for a registry key is modified using the methods of the <xref:System.Security.AccessControl.RegistrySecurity> class to add or remove rules; as you do this, the underlying access control entries are modified.
## Examples
The following code example demonstrates access rules with inheritance and propagation. The example creates a <xref:System.Security.AccessControl.RegistrySecurity> object, then creates and adds two rules that have the <xref:System.Security.AccessControl.InheritanceFlags.ContainerInherit> flag. The first rule has no propagation flags, while the second has <xref:System.Security.AccessControl.PropagationFlags.NoPropagateInherit> and <xref:System.Security.AccessControl.PropagationFlags.InheritOnly>.
The program displays the rules in the <xref:System.Security.AccessControl.RegistrySecurity> object, and then uses the object to create a subkey. The program creates a child subkey and a grandchild subkey, and then displays the security for each subkey. Finally, the program deletes the test keys.
:::code language="csharp" source="~/snippets/csharp/System.Security.AccessControl/RegistryAccessRule/Overview/source.cs" id="Snippet1":::
:::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR_System/system.Security.AccessControl.RegistryAccessRule.ctor2/VB/source.vb" id="Snippet1":::
]]></format>
</remarks>
</Docs>
<Members>
<MemberGroup MemberName=".ctor">
<AssemblyInfo>
<AssemblyName>Microsoft.Win32.Registry.AccessControl</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<Docs>
<summary>Initializes a new instance of the <see cref="T:System.Security.AccessControl.RegistryAccessRule" /> class.</summary>
</Docs>
</MemberGroup>
<Member MemberName=".ctor">
<MemberSignature Language="C#" Value="public RegistryAccessRule (System.Security.Principal.IdentityReference identity, System.Security.AccessControl.RegistryRights registryRights, System.Security.AccessControl.AccessControlType type);" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig specialname rtspecialname instance void .ctor(class System.Security.Principal.IdentityReference identity, valuetype System.Security.AccessControl.RegistryRights registryRights, valuetype System.Security.AccessControl.AccessControlType type) cil managed" />
<MemberSignature Language="DocId" Value="M:System.Security.AccessControl.RegistryAccessRule.#ctor(System.Security.Principal.IdentityReference,System.Security.AccessControl.RegistryRights,System.Security.AccessControl.AccessControlType)" />
<MemberSignature Language="VB.NET" Value="Public Sub New (identity As IdentityReference, registryRights As RegistryRights, type As AccessControlType)" />
<MemberSignature Language="F#" Value="new System.Security.AccessControl.RegistryAccessRule : System.Security.Principal.IdentityReference * System.Security.AccessControl.RegistryRights * System.Security.AccessControl.AccessControlType -> System.Security.AccessControl.RegistryAccessRule" Usage="new System.Security.AccessControl.RegistryAccessRule (identity, registryRights, type)" />
<MemberSignature Language="C++ CLI" Value="public:
 RegistryAccessRule(System::Security::Principal::IdentityReference ^ identity, System::Security::AccessControl::RegistryRights registryRights, System::Security::AccessControl::AccessControlType type);" />
<MemberType>Constructor</MemberType>
<AssemblyInfo>
<AssemblyName>Microsoft.Win32.Registry.AccessControl</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<AssemblyInfo>
<AssemblyName>mscorlib</AssemblyName>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>2.0.5.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<AssemblyInfo>
<AssemblyName>Microsoft.Win32.Registry</AssemblyName>
<AssemblyVersion>4.1.2.0</AssemblyVersion>
<AssemblyVersion>4.1.3.0</AssemblyVersion>
<AssemblyVersion>5.0.0.0</AssemblyVersion>
<AssemblyVersion>6.0.0.0</AssemblyVersion>
<AssemblyVersion>7.0.0.0</AssemblyVersion>
<AssemblyVersion>8.0.0.0</AssemblyVersion>
<AssemblyVersion>9.0.0.0</AssemblyVersion>
</AssemblyInfo>
<Parameters>
<Parameter Name="identity" Type="System.Security.Principal.IdentityReference" />
<Parameter Name="registryRights" Type="System.Security.AccessControl.RegistryRights" />
<Parameter Name="type" Type="System.Security.AccessControl.AccessControlType" />
</Parameters>
<Docs>
<param name="identity">The user or group the rule applies to. Must be of type <see cref="T:System.Security.Principal.SecurityIdentifier" /> or a type such as <see cref="T:System.Security.Principal.NTAccount" /> that can be converted to type <see cref="T:System.Security.Principal.SecurityIdentifier" />.</param>
<param name="registryRights">A bitwise combination of <see cref="T:System.Security.AccessControl.RegistryRights" /> values indicating the rights allowed or denied.</param>
<param name="type">One of the <see cref="T:System.Security.AccessControl.AccessControlType" /> values indicating whether the rights are allowed or denied.</param>
<summary>Initializes a new instance of the <see cref="T:System.Security.AccessControl.RegistryAccessRule" /> class, specifying the user or group the rule applies to, the access rights, and whether the specified access rights are allowed or denied.</summary>
<remarks>
<format type="text/markdown"><![CDATA[
## Remarks
This constructor specifies default propagation and inheritance. That is, <xref:System.Security.AccessControl.InheritanceFlags.None?displayProperty=nameWithType> and <xref:System.Security.AccessControl.PropagationFlags.None?displayProperty=nameWithType>.
]]></format>
</remarks>
<exception cref="T:System.ArgumentOutOfRangeException">
<paramref name="registryRights" /> specifies an invalid value.
-or-
<paramref name="type" /> specifies an invalid value.</exception>
<exception cref="T:System.ArgumentNullException">
<paramref name="identity" /> is <see langword="null" />.
-or-
<paramref name="eventRights" /> is zero.</exception>
<exception cref="T:System.ArgumentException">
<paramref name="identity" /> is neither of type <see cref="T:System.Security.Principal.SecurityIdentifier" /> nor of a type such as <see cref="T:System.Security.Principal.NTAccount" /> that can be converted to type <see cref="T:System.Security.Principal.SecurityIdentifier" />.</exception>
</Docs>
</Member>
<Member MemberName=".ctor">
<MemberSignature Language="C#" Value="public RegistryAccessRule (string identity, System.Security.AccessControl.RegistryRights registryRights, System.Security.AccessControl.AccessControlType type);" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig specialname rtspecialname instance void .ctor(string identity, valuetype System.Security.AccessControl.RegistryRights registryRights, valuetype System.Security.AccessControl.AccessControlType type) cil managed" />
<MemberSignature Language="DocId" Value="M:System.Security.AccessControl.RegistryAccessRule.#ctor(System.String,System.Security.AccessControl.RegistryRights,System.Security.AccessControl.AccessControlType)" />
<MemberSignature Language="VB.NET" Value="Public Sub New (identity As String, registryRights As RegistryRights, type As AccessControlType)" />
<MemberSignature Language="F#" Value="new System.Security.AccessControl.RegistryAccessRule : string * System.Security.AccessControl.RegistryRights * System.Security.AccessControl.AccessControlType -> System.Security.AccessControl.RegistryAccessRule" Usage="new System.Security.AccessControl.RegistryAccessRule (identity, registryRights, type)" />
<MemberSignature Language="C++ CLI" Value="public:
 RegistryAccessRule(System::String ^ identity, System::Security::AccessControl::RegistryRights registryRights, System::Security::AccessControl::AccessControlType type);" />
<MemberType>Constructor</MemberType>
<AssemblyInfo>
<AssemblyName>Microsoft.Win32.Registry.AccessControl</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<AssemblyInfo>
<AssemblyName>mscorlib</AssemblyName>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>2.0.5.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<AssemblyInfo>
<AssemblyName>Microsoft.Win32.Registry</AssemblyName>
<AssemblyVersion>4.1.2.0</AssemblyVersion>
<AssemblyVersion>4.1.3.0</AssemblyVersion>
<AssemblyVersion>5.0.0.0</AssemblyVersion>
<AssemblyVersion>6.0.0.0</AssemblyVersion>
<AssemblyVersion>7.0.0.0</AssemblyVersion>
<AssemblyVersion>8.0.0.0</AssemblyVersion>
<AssemblyVersion>9.0.0.0</AssemblyVersion>
</AssemblyInfo>
<Parameters>
<Parameter Name="identity" Type="System.String" />
<Parameter Name="registryRights" Type="System.Security.AccessControl.RegistryRights" />
<Parameter Name="type" Type="System.Security.AccessControl.AccessControlType" />
</Parameters>
<Docs>
<param name="identity">The name of the user or group the rule applies to.</param>
<param name="registryRights">A bitwise combination of <see cref="T:System.Security.AccessControl.RegistryRights" /> values indicating the rights allowed or denied.</param>
<param name="type">One of the <see cref="T:System.Security.AccessControl.AccessControlType" /> values indicating whether the rights are allowed or denied.</param>
<summary>Initializes a new instance of the <see cref="T:System.Security.AccessControl.RegistryAccessRule" /> class, specifying the name of the user or group the rule applies to, the access rights, and whether the specified access rights are allowed or denied.</summary>
<remarks>
<format type="text/markdown"><![CDATA[
## Remarks
This constructor specifies default propagation and inheritance. That is, <xref:System.Security.AccessControl.InheritanceFlags.None?displayProperty=nameWithType> and <xref:System.Security.AccessControl.PropagationFlags.None?displayProperty=nameWithType>.
This constructor is equivalent to creating an <xref:System.Security.Principal.NTAccount> object, by passing `identity` to the <xref:System.Security.Principal.NTAccount.%23ctor%28System.String%29?displayProperty=nameWithType> constructor, and passing the newly created <xref:System.Security.Principal.NTAccount> object to the <xref:System.Security.AccessControl.RegistryAccessRule.%23ctor%28System.Security.Principal.IdentityReference%2CSystem.Security.AccessControl.RegistryRights%2CSystem.Security.AccessControl.AccessControlType%29> constructor.
## Examples
The following code example creates registry access rules and adds them to a <xref:System.Security.AccessControl.RegistrySecurity> object, showing how rules that allow and deny rights remain separate, while compatible rules of the same kind are merged.
:::code language="csharp" source="~/snippets/csharp/System.Security.AccessControl/RegistryAccessRule/.ctor/source.cs" id="Snippet1":::
:::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR_System/system.Security.AccessControl.RegistrySecurity.AddAccessRule/VB/source.vb" id="Snippet1":::
]]></format>
</remarks>
<exception cref="T:System.ArgumentOutOfRangeException">
<paramref name="registryRights" /> specifies an invalid value.
-or-
<paramref name="type" /> specifies an invalid value.</exception>
<exception cref="T:System.ArgumentNullException">
<paramref name="registryRights" /> is zero.</exception>
<exception cref="T:System.ArgumentException">
<paramref name="identity" /> is <see langword="null" />.
-or-
<paramref name="identity" /> is a zero-length string.
-or-
<paramref name="identity" /> is longer than 512 characters.</exception>
</Docs>
</Member>
<Member MemberName=".ctor">
<MemberSignature Language="C#" Value="public RegistryAccessRule (System.Security.Principal.IdentityReference identity, System.Security.AccessControl.RegistryRights registryRights, System.Security.AccessControl.InheritanceFlags inheritanceFlags, System.Security.AccessControl.PropagationFlags propagationFlags, System.Security.AccessControl.AccessControlType type);" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig specialname rtspecialname instance void .ctor(class System.Security.Principal.IdentityReference identity, valuetype System.Security.AccessControl.RegistryRights registryRights, valuetype System.Security.AccessControl.InheritanceFlags inheritanceFlags, valuetype System.Security.AccessControl.PropagationFlags propagationFlags, valuetype System.Security.AccessControl.AccessControlType type) cil managed" />
<MemberSignature Language="DocId" Value="M:System.Security.AccessControl.RegistryAccessRule.#ctor(System.Security.Principal.IdentityReference,System.Security.AccessControl.RegistryRights,System.Security.AccessControl.InheritanceFlags,System.Security.AccessControl.PropagationFlags,System.Security.AccessControl.AccessControlType)" />
<MemberSignature Language="VB.NET" Value="Public Sub New (identity As IdentityReference, registryRights As RegistryRights, inheritanceFlags As InheritanceFlags, propagationFlags As PropagationFlags, type As AccessControlType)" />
<MemberSignature Language="F#" Value="new System.Security.AccessControl.RegistryAccessRule : System.Security.Principal.IdentityReference * System.Security.AccessControl.RegistryRights * System.Security.AccessControl.InheritanceFlags * System.Security.AccessControl.PropagationFlags * System.Security.AccessControl.AccessControlType -> System.Security.AccessControl.RegistryAccessRule" Usage="new System.Security.AccessControl.RegistryAccessRule (identity, registryRights, inheritanceFlags, propagationFlags, type)" />
<MemberSignature Language="C++ CLI" Value="public:
 RegistryAccessRule(System::Security::Principal::IdentityReference ^ identity, System::Security::AccessControl::RegistryRights registryRights, System::Security::AccessControl::InheritanceFlags inheritanceFlags, System::Security::AccessControl::PropagationFlags propagationFlags, System::Security::AccessControl::AccessControlType type);" />
<MemberType>Constructor</MemberType>
<AssemblyInfo>
<AssemblyName>Microsoft.Win32.Registry.AccessControl</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<AssemblyInfo>
<AssemblyName>mscorlib</AssemblyName>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>2.0.5.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<AssemblyInfo>
<AssemblyName>Microsoft.Win32.Registry</AssemblyName>
<AssemblyVersion>4.1.2.0</AssemblyVersion>
<AssemblyVersion>4.1.3.0</AssemblyVersion>
<AssemblyVersion>5.0.0.0</AssemblyVersion>
<AssemblyVersion>6.0.0.0</AssemblyVersion>
<AssemblyVersion>7.0.0.0</AssemblyVersion>
<AssemblyVersion>8.0.0.0</AssemblyVersion>
<AssemblyVersion>9.0.0.0</AssemblyVersion>
</AssemblyInfo>
<Parameters>
<Parameter Name="identity" Type="System.Security.Principal.IdentityReference" />
<Parameter Name="registryRights" Type="System.Security.AccessControl.RegistryRights" />
<Parameter Name="inheritanceFlags" Type="System.Security.AccessControl.InheritanceFlags" />
<Parameter Name="propagationFlags" Type="System.Security.AccessControl.PropagationFlags" />
<Parameter Name="type" Type="System.Security.AccessControl.AccessControlType" />
</Parameters>
<Docs>
<param name="identity">The user or group the rule applies to. Must be of type <see cref="T:System.Security.Principal.SecurityIdentifier" /> or a type such as <see cref="T:System.Security.Principal.NTAccount" /> that can be converted to type <see cref="T:System.Security.Principal.SecurityIdentifier" />.</param>
<param name="registryRights">A bitwise combination of <see cref="T:System.Security.AccessControl.RegistryRights" /> values specifying the rights allowed or denied.</param>
<param name="inheritanceFlags">A bitwise combination of <see cref="T:System.Security.AccessControl.InheritanceFlags" /> flags specifying how access rights are inherited from other objects.</param>
<param name="propagationFlags">A bitwise combination of <see cref="T:System.Security.AccessControl.PropagationFlags" /> flags specifying how access rights are propagated to other objects.</param>
<param name="type">One of the <see cref="T:System.Security.AccessControl.AccessControlType" /> values specifying whether the rights are allowed or denied.</param>
<summary>Initializes a new instance of the <see cref="T:System.Security.AccessControl.RegistryAccessRule" /> class, specifying the user or group the rule applies to, the access rights, the inheritance flags, the propagation flags, and whether the specified access rights are allowed or denied.</summary>
<remarks>
<format type="text/markdown"><![CDATA[
## Remarks
All registry keys are containers, so the only inheritance flag that is meaningful for registry keys is the <xref:System.Security.AccessControl.InheritanceFlags.ContainerInherit?displayProperty=nameWithType> flag. If this flag is not specified, the propagation flags are ignored, and only the immediate key is affected. If the flag is present, the rule is propagated as shown in the following table. The table assumes there is a subkey S with child subkey CS and grandchild subkey GS. That is, the path for the grandchild subkey is S\CS\GS.
| Propagation flags | S | CS | GS |
|--------------------------------------------------------------------------|---|----|----|
| <xref:System.Security.AccessControl.PropagationFlags.None> | X | X | X |
| <xref:System.Security.AccessControl.PropagationFlags.NoPropagateInherit> | X | X | |
| <xref:System.Security.AccessControl.PropagationFlags.InheritOnly> | | X | X |
| <xref:System.Security.AccessControl.PropagationFlags.NoPropagateInherit>, <xref:System.Security.AccessControl.PropagationFlags.InheritOnly> | | X | |
The pattern for the grandchild subkey governs all subkeys contained by the grandchild subkey.
For example, if the <xref:System.Security.AccessControl.InheritanceFlags.ContainerInherit> flag is specified for `inheritanceFlags` and the <xref:System.Security.AccessControl.PropagationFlags.InheritOnly> propagation flag is specified for `propagationFlags`, this rule does not apply to the immediate subkey, but does apply to all its immediate child subkeys and to all subkeys they contain.
> [!NOTE]
> Although you can specify the <xref:System.Security.AccessControl.InheritanceFlags.ObjectInherit?displayProperty=nameWithType> flag for `inheritanceFlags`, there is no point in doing so. For the purposes of access control, the name/value pairs in a subkey are not separate objects. The access rights to name/value pairs are controlled by the rights of the subkey. Furthermore, since all subkeys are containers (that is, they can contain other subkeys), they are not affected by the <xref:System.Security.AccessControl.InheritanceFlags.ObjectInherit> flag. Finally, specifying the <xref:System.Security.AccessControl.InheritanceFlags.ObjectInherit> flag needlessly complicates the maintenance of rules, because it interferes with the combination of otherwise compatible rules.
]]></format>
</remarks>
<exception cref="T:System.ArgumentOutOfRangeException">
<paramref name="registryRights" /> specifies an invalid value.
-or-
<paramref name="type" /> specifies an invalid value.
-or-
<paramref name="inheritanceFlags" /> specifies an invalid value.
-or-
<paramref name="propagationFlags" /> specifies an invalid value.</exception>
<exception cref="T:System.ArgumentNullException">
<paramref name="identity" /> is <see langword="null" />.
-or-
<paramref name="registryRights" /> is zero.</exception>
<exception cref="T:System.ArgumentException">
<paramref name="identity" /> is neither of type <see cref="T:System.Security.Principal.SecurityIdentifier" />, nor of a type such as <see cref="T:System.Security.Principal.NTAccount" /> that can be converted to type <see cref="T:System.Security.Principal.SecurityIdentifier" />.</exception>
</Docs>
</Member>
<Member MemberName=".ctor">
<MemberSignature Language="C#" Value="public RegistryAccessRule (string identity, System.Security.AccessControl.RegistryRights registryRights, System.Security.AccessControl.InheritanceFlags inheritanceFlags, System.Security.AccessControl.PropagationFlags propagationFlags, System.Security.AccessControl.AccessControlType type);" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig specialname rtspecialname instance void .ctor(string identity, valuetype System.Security.AccessControl.RegistryRights registryRights, valuetype System.Security.AccessControl.InheritanceFlags inheritanceFlags, valuetype System.Security.AccessControl.PropagationFlags propagationFlags, valuetype System.Security.AccessControl.AccessControlType type) cil managed" />
<MemberSignature Language="DocId" Value="M:System.Security.AccessControl.RegistryAccessRule.#ctor(System.String,System.Security.AccessControl.RegistryRights,System.Security.AccessControl.InheritanceFlags,System.Security.AccessControl.PropagationFlags,System.Security.AccessControl.AccessControlType)" />
<MemberSignature Language="VB.NET" Value="Public Sub New (identity As String, registryRights As RegistryRights, inheritanceFlags As InheritanceFlags, propagationFlags As PropagationFlags, type As AccessControlType)" />
<MemberSignature Language="F#" Value="new System.Security.AccessControl.RegistryAccessRule : string * System.Security.AccessControl.RegistryRights * System.Security.AccessControl.InheritanceFlags * System.Security.AccessControl.PropagationFlags * System.Security.AccessControl.AccessControlType -> System.Security.AccessControl.RegistryAccessRule" Usage="new System.Security.AccessControl.RegistryAccessRule (identity, registryRights, inheritanceFlags, propagationFlags, type)" />
<MemberSignature Language="C++ CLI" Value="public:
 RegistryAccessRule(System::String ^ identity, System::Security::AccessControl::RegistryRights registryRights, System::Security::AccessControl::InheritanceFlags inheritanceFlags, System::Security::AccessControl::PropagationFlags propagationFlags, System::Security::AccessControl::AccessControlType type);" />
<MemberType>Constructor</MemberType>
<AssemblyInfo>
<AssemblyName>Microsoft.Win32.Registry.AccessControl</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<AssemblyInfo>
<AssemblyName>mscorlib</AssemblyName>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>2.0.5.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<AssemblyInfo>
<AssemblyName>Microsoft.Win32.Registry</AssemblyName>
<AssemblyVersion>4.1.2.0</AssemblyVersion>
<AssemblyVersion>4.1.3.0</AssemblyVersion>
<AssemblyVersion>5.0.0.0</AssemblyVersion>
<AssemblyVersion>6.0.0.0</AssemblyVersion>
<AssemblyVersion>7.0.0.0</AssemblyVersion>
<AssemblyVersion>8.0.0.0</AssemblyVersion>
<AssemblyVersion>9.0.0.0</AssemblyVersion>
</AssemblyInfo>
<Parameters>
<Parameter Name="identity" Type="System.String" />
<Parameter Name="registryRights" Type="System.Security.AccessControl.RegistryRights" />
<Parameter Name="inheritanceFlags" Type="System.Security.AccessControl.InheritanceFlags" />
<Parameter Name="propagationFlags" Type="System.Security.AccessControl.PropagationFlags" />
<Parameter Name="type" Type="System.Security.AccessControl.AccessControlType" />
</Parameters>
<Docs>
<param name="identity">The name of the user or group the rule applies to.</param>
<param name="registryRights">A bitwise combination of <see cref="T:System.Security.AccessControl.RegistryRights" /> values indicating the rights allowed or denied.</param>
<param name="inheritanceFlags">A bitwise combination of <see cref="T:System.Security.AccessControl.InheritanceFlags" /> flags specifying how access rights are inherited from other objects.</param>
<param name="propagationFlags">A bitwise combination of <see cref="T:System.Security.AccessControl.PropagationFlags" /> flags specifying how access rights are propagated to other objects.</param>
<param name="type">One of the <see cref="T:System.Security.AccessControl.AccessControlType" /> values specifying whether the rights are allowed or denied.</param>
<summary>Initializes a new instance of the <see cref="T:System.Security.AccessControl.RegistryAccessRule" /> class, specifying the name of the user or group the rule applies to, the access rights, the inheritance flags, the propagation flags, and whether the specified access rights are allowed or denied.</summary>
<remarks>
<format type="text/markdown"><![CDATA[
## Remarks
All registry keys are containers, so the only inheritance flag that is meaningful for registry keys is the <xref:System.Security.AccessControl.InheritanceFlags.ContainerInherit?displayProperty=nameWithType> flag. If this flag is not specified, the propagation flags are ignored, and only the immediate key is affected. If the flag is present, the rule is propagated as shown in the following table. The table assumes there is a subkey S with child subkey CS and grandchild subkey GS. That is, the path for the grandchild subkey is S\CS\GS.
| Propagation flags | S | CS | GS |
|--------------------------------------------------------------------------|---|----|----|
| <xref:System.Security.AccessControl.PropagationFlags.None> | X | X | X |
| <xref:System.Security.AccessControl.PropagationFlags.NoPropagateInherit> | X | X | |
| <xref:System.Security.AccessControl.PropagationFlags.InheritOnly> | | X | X |
| <xref:System.Security.AccessControl.PropagationFlags.NoPropagateInherit>, <xref:System.Security.AccessControl.PropagationFlags.InheritOnly> | | X | |
The pattern for the grandchild subkey governs all subkeys contained by the grandchild subkey.
For example, if the <xref:System.Security.AccessControl.InheritanceFlags.ContainerInherit> flag is specified for `inheritanceFlags` and the <xref:System.Security.AccessControl.PropagationFlags.InheritOnly> propagation flag is specified for `propagationFlags`, this rule does not apply to the immediate subkey, but does apply to all its immediate child subkeys and to all subkeys they contain.
> [!NOTE]
> Although you can specify the <xref:System.Security.AccessControl.InheritanceFlags.ObjectInherit?displayProperty=nameWithType> flag for `inheritanceFlags`, there is no point in doing so. For the purposes of access control, the name/value pairs in a subkey are not separate objects. The access rights to name/value pairs are controlled by the rights of the subkey. Furthermore, since all subkeys are containers (that is, they can contain other subkeys), they are not affected by the <xref:System.Security.AccessControl.InheritanceFlags.ObjectInherit> flag. Finally, specifying the <xref:System.Security.AccessControl.InheritanceFlags.ObjectInherit> flag needlessly complicates the maintenance of rules, because it interferes with the combination of otherwise compatible rules.
This constructor is equivalent to creating an <xref:System.Security.Principal.NTAccount> object, by passing `identity` to the <xref:System.Security.Principal.NTAccount.%23ctor%28System.String%29?displayProperty=nameWithType> constructor, and passing the newly created <xref:System.Security.Principal.NTAccount> object to the <xref:System.Security.AccessControl.RegistryAccessRule.%23ctor%28System.Security.Principal.IdentityReference%2CSystem.Security.AccessControl.RegistryRights%2CSystem.Security.AccessControl.InheritanceFlags%2CSystem.Security.AccessControl.PropagationFlags%2CSystem.Security.AccessControl.AccessControlType%29> constructor.
## Examples
The following code example demonstrates access rules with inheritance and propagation. The example creates a <xref:System.Security.AccessControl.RegistrySecurity> object, and then creates and adds two rules that have the <xref:System.Security.AccessControl.InheritanceFlags.ContainerInherit> flag. The first rule has no propagation flags, while the second has <xref:System.Security.AccessControl.PropagationFlags.NoPropagateInherit> and <xref:System.Security.AccessControl.PropagationFlags.InheritOnly>.
The program displays the rules in the <xref:System.Security.AccessControl.RegistrySecurity> object, and then uses the <xref:System.Security.AccessControl.RegistrySecurity> object to create a subkey. The program creates a child subkey and a grandchild subkey, and then displays the rules for each subkey. Finally, the program deletes the test keys.
:::code language="csharp" source="~/snippets/csharp/System.Security.AccessControl/RegistryAccessRule/Overview/source.cs" id="Snippet1":::
:::code language="vb" source="~/snippets/visualbasic/VS_Snippets_CLR_System/system.Security.AccessControl.RegistryAccessRule.ctor2/VB/source.vb" id="Snippet1":::
]]></format>
</remarks>
<exception cref="T:System.ArgumentOutOfRangeException">
<paramref name="registryRights" /> specifies an invalid value.
-or-
<paramref name="type" /> specifies an invalid value.
-or-
<paramref name="inheritanceFlags" /> specifies an invalid value.
-or-
<paramref name="propagationFlags" /> specifies an invalid value.</exception>
<exception cref="T:System.ArgumentNullException">
<paramref name="eventRights" /> is zero.</exception>
<exception cref="T:System.ArgumentException">
<paramref name="identity" /> is <see langword="null" />.
-or-
<paramref name="identity" /> is a zero-length string.
-or-
<paramref name="identity" /> is longer than 512 characters.</exception>
</Docs>
</Member>
<Member MemberName="RegistryRights">
<MemberSignature Language="C#" Value="public System.Security.AccessControl.RegistryRights RegistryRights { get; }" />
<MemberSignature Language="ILAsm" Value=".property instance valuetype System.Security.AccessControl.RegistryRights RegistryRights" />
<MemberSignature Language="DocId" Value="P:System.Security.AccessControl.RegistryAccessRule.RegistryRights" />
<MemberSignature Language="VB.NET" Value="Public ReadOnly Property RegistryRights As RegistryRights" />
<MemberSignature Language="F#" Value="member this.RegistryRights : System.Security.AccessControl.RegistryRights" Usage="System.Security.AccessControl.RegistryAccessRule.RegistryRights" />
<MemberSignature Language="C++ CLI" Value="public:
 property System::Security::AccessControl::RegistryRights RegistryRights { System::Security::AccessControl::RegistryRights get(); };" />
<MemberType>Property</MemberType>
<AssemblyInfo>
<AssemblyName>Microsoft.Win32.Registry.AccessControl</AssemblyName>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<AssemblyInfo>
<AssemblyName>mscorlib</AssemblyName>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>2.0.5.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<AssemblyInfo>
<AssemblyName>Microsoft.Win32.Registry</AssemblyName>
<AssemblyVersion>4.1.2.0</AssemblyVersion>
<AssemblyVersion>4.1.3.0</AssemblyVersion>
<AssemblyVersion>5.0.0.0</AssemblyVersion>
<AssemblyVersion>6.0.0.0</AssemblyVersion>
<AssemblyVersion>7.0.0.0</AssemblyVersion>
<AssemblyVersion>8.0.0.0</AssemblyVersion>
<AssemblyVersion>9.0.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Security.AccessControl.RegistryRights</ReturnType>
</ReturnValue>
<Docs>
<summary>Gets the rights allowed or denied by the access rule.</summary>
<value>A bitwise combination of <see cref="T:System.Security.AccessControl.RegistryRights" /> values indicating the rights allowed or denied by the access rule.</value>
<remarks>
<format type="text/markdown"><![CDATA[
## Remarks
<xref:System.Security.AccessControl.RegistryAccessRule> objects are immutable. You can create a new access rule representing a different user, different rights, or a different <xref:System.Security.AccessControl.AccessControlType>, but you cannot modify an existing access rule.
]]></format>
</remarks>
</Docs>
</Member>
</Members>
</Type>