Code group (3) attributes

Source: Internet
Author: User
Code group (3) attributes

Code groups can have attributes that affect how the common language runtime determines the permission set permitted by the Assembly. There are two types of attributes that can be applied to a code group: Exclusive and LevelFinal.

Exclusive attribute. The permission set permitted at the policy level is the permission set associated with the code group with this attribute. When considering all policy levels, the runtime database grants no more permissions to the code than the permissions associated with the Exclusive code group. At the given policy level, the code can only be a member of a code group with the Exclusive attribute. This attribute prevents other code groups at the same policy level from being considered when the runtime calculates the authorization of an assembly in an exclusive code group. However, the policy levels below and below the current level are still calculated. This attribute allows a specific code group to make a unique decision for the current policy level regarding the permission granted to the Assembly that matches the group. This is useful when you need to grant a specific permission set to a specific assembly and do not allow the permission for other code group matches at the same policy level.

Note:If an assembly belongs to multiple exclusive code groups, execution of the Assembly is not allowed.

When checking the code group members and granting permissions, The LevelFinal attribute does not consider any other policy levels beyond the policy level of the code group and beyond the application domain level. Enterprise-level policies are the highest level of policies, followed by computer policies, user policies, and then application domain policies. For example, if the LevelFinal attribute is applied to a code group in an enterprise-level policy and a code matches the membership condition of the code group, the computer-level policy and user-level policy will not apply to the code. The application of the LevelFinal attribute ensures that the Assembly associated with the code group with this attribute will never receive fewer permissions because of the decision made by the lower policy level administrator.

You can use the. NET Framework Configuration tool or the code access security policy tool to enable or disable the Exclusive (or LevelFinal) attribute for the code group. To enable the code group Exclusive attribute, follow these steps:

Caspol-chggroup 1.2.1.-exclusive on

Use the chggroup command to change the code group labeled 1.2.1 and set the Exclusive attribute to the on state.

--------------------- Note: Part of this article is changed from. NET Security secrets.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.