code group (1) Management of code groups

The code group provides us with a way to configure code access security through configuration. The Code Access Security Policy tool--caspol.exe enables you to create, delete, and change code groups.

A code group is essentially a conditional expression and a permission set. If the assembly satisfies the conditional expression, the permission set is granted. The set of code groups at each policy level is organized in the form of a tree.

Code groups can also specify how security policies are defined by attributes.

There are two tools available for managing code groups, one is the. NET Framework Configuration tool, and one is Caspol.exe. To demonstrate the use of these two tools, the view of the code group is Caspol.exe, from the command line, to the creation, modification, and deletion of the code group, using the. NET Framework Configuration tool to manipulate from the graphical interface.

View Code Groups

Start the Visual Studio command Prompt (2010) First, and then start the Access Security Policy tool Caspol.exe from the command line. You can enter "-?" at the command line. To see Caspol.exe's command help, as shown in Figure 1-1.

Figure 1-1 View Caspol.exe command Help

Next, use the commands in listing 1-1 to see the code groups under different policy levels.

Code listing 1-1 to see Code groups under different policy levels

View company-Level code groups
    
Caspol–enterprise–listgroups
    
//view computer-level code groups
    
Caspol–machine–listgroups
    
//View user-level code groups
    
caspol–user–listgroups
    
//View all levels of code group
    
caspol–all–listgroups
    
//View the default Level code group
    
caspol  – Listgroups

Figure 1-2 shows the results of viewing the code group at the computer level.

Figure 1-2 View the code group at the computer level

Note: If you use Caspol.exe to list code groups at the default policy level, for computer administrators, the default level is the machine policy level, and for other people, the default level is the user policy level.

Listing 1-2 lists the commands for viewing the code group name and description under a policy level.

Code clear 1-2 View the code group name and description under a policy level

View code group names and descriptions at the company level

Caspol–enterprise–listdescription

View code group names and descriptions at the computer level

Caspol–machine–listdescription

View the code group name and description under the user level

Caspol–user–listdescription

View code group names and descriptions at all levels

Caspol–all–listdescription

View the code group name and description under the default level

Caspol–listdescription