System.Security.AccessControl.SemaphoreSecurity Class

Represents the Windows access control security for a named semaphore. This class cannot be inherited.

See Also: SemaphoreSecurity Members


public sealed class SemaphoreSecurity : NativeObjectSecurity


A System.Security.AccessControl.SemaphoreSecurity object specifies access rights for a named system semaphore, and also specifies how access attempts are audited. Access rights to the semaphore are expressed as rules, with each access rule represented by a System.Security.AccessControl.SemaphoreAccessRule object. Each auditing rule is represented by a System.Security.AccessControl.SemaphoreAuditRule object.

This mirrors the underlying Windows security system, in which each securable object has at most one discretionary access control list (DACL) that controls access to the secured object, and at most one system access control list (SACL) that specifies which access attempts are audited. The DACL and SACL are ordered lists of access control entries (ACE) that specify access and auditing for users and groups. A System.Security.AccessControl.SemaphoreAccessRule or System.Security.AccessControl.SemaphoreAuditRule object might represent more than one ACE.


A System.Threading.Semaphore object can represent a local semaphore or a named system semaphore. Windows access control security is meaningful only for named system semaphores.

The System.Security.AccessControl.SemaphoreSecurity, System.Security.AccessControl.SemaphoreAccessRule, and System.Security.AccessControl.SemaphoreAuditRule classes hide the implementation details of ACLs and ACEs. They allow you to ignore the seventeen different ACE types and the complexity of correctly maintaining inheritance and propagation of access rights. These objects are also designed to prevent the following common access control errors:

The only capabilities not supported by the .NET security objects are dangerous activities that should be avoided by the majority of application developers, such as the following:

To modify Windows access control security for a named semaphore, use the System.Threading.Semaphore.GetAccessControl method to get the System.Security.AccessControl.SemaphoreSecurity object. Modify the security object by adding and removing rules, and then use the System.Threading.Semaphore.SetAccessControl(SemaphoreSecurity) method to reattach it.


Changes you make to a System.Security.AccessControl.SemaphoreSecurity object do not affect the access levels of the named semaphore until you call the System.Threading.Semaphore.SetAccessControl(SemaphoreSecurity) method to assign the altered security object to the named semaphore.

To copy access control security from one semaphore to another, use the System.Threading.Semaphore.GetAccessControl method to get a System.Security.AccessControl.SemaphoreSecurity object representing the access and audit rules for the first semaphore, then use the System.Threading.Semaphore.SetAccessControl(SemaphoreSecurity) method, or a constructor that accepts a System.Security.AccessControl.SemaphoreSecurity object, to assign those rules to the second semaphore.

Users with an investment in the security descriptor definition language (SDDL) can use the ObjectSecurity.SetSecurityDescriptorSddlForm(string) method to set access rules for a named semaphore, and the ObjectSecurity.GetSecurityDescriptorSddlForm(AccessControlSections) method to obtain a string that represents the access rules in SDDL format. This is not recommended for new development.


Security on synchronization objects is not supported for Windows 98 or Windows Millennium Edition.


Namespace: System.Security.AccessControl
Assembly: System (in System.dll)
Assembly Versions:,
Since: .NET 2.0