/// <summary>从与此 <see cref="T:System.Security.AccessControl.DirectoryObjectSecurity" /> 对象关联的系统访问控制列表 (SACL) 中移除与指定的审核规则完全匹配的所有审核规则。</summary> /// <param name="rule">要移除的审核规则。</param> protected void RemoveAuditRuleSpecific(ObjectAuditRule rule) { if (rule == null) { throw new ArgumentNullException("rule"); } this.WriteLock(); try { bool modified; this.ModifyAudit(AccessControlModification.RemoveSpecific, rule, out modified); } finally { this.WriteUnlock(); } }
protected void AddAuditRule(ObjectAuditRule rule) { if (rule == null) { throw new ArgumentNullException("rule"); } base.WriteLock(); try { bool flag; this.ModifyAudit(AccessControlModification.Add, rule, out flag); } finally { base.WriteUnlock(); } }
protected void SetAuditRule(ObjectAuditRule rule) { if (rule == null) { throw new ArgumentNullException("rule"); } base.WriteLock(); try { bool flag; this.ModifyAudit(AccessControlModification.Set, rule, out flag); } finally { base.WriteUnlock(); } }
protected void RemoveAuditRuleAll(ObjectAuditRule rule) { if (rule == null) { throw new ArgumentNullException(nameof(rule)); } WriteLock(); try { bool modified; ModifyAudit(AccessControlModification.RemoveAll, rule, out modified); } finally { WriteUnlock(); } }
protected void SetAuditRule(ObjectAuditRule rule) { if (rule == null) { throw new ArgumentNullException(nameof(rule)); } Contract.EndContractBlock(); WriteLock(); try { bool modified; ModifyAudit(AccessControlModification.Set, rule, out modified); } finally { WriteUnlock(); } }
protected bool RemoveAuditRule(ObjectAuditRule rule) { if (rule == null) { throw new ArgumentNullException("rule"); } Contract.EndContractBlock(); WriteLock(); try { bool modified; return(ModifyAudit(AccessControlModification.Remove, rule, out modified)); } finally { WriteUnlock(); } }
protected bool RemoveAuditRule(ObjectAuditRule rule) { bool flag2; if (rule == null) { throw new ArgumentNullException("rule"); } base.WriteLock(); try { bool flag; flag2 = this.ModifyAudit(AccessControlModification.Remove, rule, out flag); } finally { base.WriteUnlock(); } return(flag2); }
public bool RemoveAudit(SecurityIdentifier sid, ObjectAuditRule rule) { return RemoveAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); }
protected bool RemoveAuditRule(ObjectAuditRule rule) { if (rule == null) { throw new ArgumentNullException(nameof(rule)); } Contract.EndContractBlock(); WriteLock(); try { bool modified; return ModifyAudit(AccessControlModification.Remove, rule, out modified); } finally { WriteUnlock(); } }
// // Modifies the SACL // private bool ModifyAudit(AccessControlModification modification, ObjectAuditRule rule, out bool modified) { bool result = true; if (SecurityDescriptor.SystemAcl == null) { if (modification == AccessControlModification.Remove || modification == AccessControlModification.RemoveAll || modification == AccessControlModification.RemoveSpecific) { modified = false; return(result); } //_securityDescriptor.SystemAcl = new SystemAcl(IsContainer, IsDS, GenericAcl.AclRevisionDS, 1); //_securityDescriptor.AddControlFlags(ControlFlags.SystemAclPresent); SecurityDescriptor.AddSystemAcl(GenericAcl.AclRevisionDS, 1); } else if ((modification == AccessControlModification.Add || modification == AccessControlModification.Set || modification == AccessControlModification.Reset) && (rule.ObjectFlags != ObjectAceFlags.None)) { // // This will result in an object ace being added to the sacl, so the sacl revision must be AclRevisionDS // if (SecurityDescriptor.SystemAcl.Revision < GenericAcl.AclRevisionDS) { // // we need to create a new sacl with the same aces as the existing one but the revision should be AclRevisionDS // byte[] binaryForm = new byte[SecurityDescriptor.SystemAcl.BinaryLength]; SecurityDescriptor.SystemAcl.GetBinaryForm(binaryForm, 0); binaryForm[0] = GenericAcl.AclRevisionDS; // revision is the first byte of the binary form SecurityDescriptor.SystemAcl = new SystemAcl(IsContainer, IsDS, new RawAcl(binaryForm, 0)); } } SecurityIdentifier sid = rule.IdentityReference.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier; switch (modification) { case AccessControlModification.Add: //_securityDescriptor.SystemAcl.AddAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); SecurityDescriptor.SystemAcl.AddAudit(sid, rule); break; case AccessControlModification.Set: //_securityDescriptor.SystemAcl.SetAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); SecurityDescriptor.SystemAcl.SetAudit(sid, rule); break; case AccessControlModification.Reset: SecurityDescriptor.SystemAcl.RemoveAudit(AuditFlags.Failure | AuditFlags.Success, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty); //_securityDescriptor.SystemAcl.SetAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); SecurityDescriptor.SystemAcl.SetAudit(sid, rule); break; case AccessControlModification.Remove: //result = _securityDescriptor.SystemAcl.RemoveAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); result = SecurityDescriptor.SystemAcl.RemoveAudit(sid, rule); break; case AccessControlModification.RemoveAll: result = SecurityDescriptor.SystemAcl.RemoveAudit(AuditFlags.Failure | AuditFlags.Success, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty); if (result == false) { throw new InvalidOperationException(SR.InvalidOperation_RemoveFail); } break; case AccessControlModification.RemoveSpecific: //_securityDescriptor.SystemAcl.RemoveAuditSpecific(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); SecurityDescriptor.SystemAcl.RemoveAuditSpecific(sid, rule); break; default: throw new ArgumentOutOfRangeException( nameof(modification), SR.ArgumentOutOfRange_Enum); } modified = result; AuditRulesModified |= modified; return(result); }
protected bool RemoveAuditRule(ObjectAuditRule rule) { return(default(bool)); }
protected override bool ModifyAudit(AccessControlModification modification, AuditRule rule, out bool modified) { if (null == rule) { throw new ArgumentNullException("rule"); } ObjectAuditRule orule = rule as ObjectAuditRule; if (null == orule) { throw new ArgumentException("rule"); } modified = true; WriteLock(); try { switch (modification) { case AccessControlModification.Add: if (null == descriptor.SystemAcl) { descriptor.SystemAcl = new SystemAcl(IsContainer, IsDS, 1); } descriptor.SystemAcl.AddAudit(orule.AuditFlags, SidFromIR(orule.IdentityReference), orule.AccessMask, orule.InheritanceFlags, orule.PropagationFlags, orule.ObjectFlags, orule.ObjectType, orule.InheritedObjectType); break; case AccessControlModification.Set: if (null == descriptor.SystemAcl) { descriptor.SystemAcl = new SystemAcl(IsContainer, IsDS, 1); } descriptor.SystemAcl.SetAudit(orule.AuditFlags, SidFromIR(orule.IdentityReference), orule.AccessMask, orule.InheritanceFlags, orule.PropagationFlags, orule.ObjectFlags, orule.ObjectType, orule.InheritedObjectType); break; case AccessControlModification.Reset: break; case AccessControlModification.Remove: if (null == descriptor.SystemAcl) { modified = false; } else { modified = descriptor.SystemAcl.RemoveAudit(orule.AuditFlags, SidFromIR(orule.IdentityReference), orule.AccessMask, orule.InheritanceFlags, orule.PropagationFlags, orule.ObjectFlags, orule.ObjectType, orule.InheritedObjectType); } break; case AccessControlModification.RemoveAll: PurgeAuditRules(orule.IdentityReference); break; case AccessControlModification.RemoveSpecific: if (null != descriptor.SystemAcl) { descriptor.SystemAcl.RemoveAuditSpecific(orule.AuditFlags, SidFromIR(orule.IdentityReference), orule.AccessMask, orule.InheritanceFlags, orule.PropagationFlags, orule.ObjectFlags, orule.ObjectType, orule.InheritedObjectType); } break; default: throw new ArgumentOutOfRangeException("modification"); } if (modified) { AuditRulesModified = true; } } finally { WriteUnlock(); } return(modified); }
protected void AddAuditRule(ObjectAuditRule rule) { }
protected void AddAuditRule(ObjectAuditRule rule) { throw new NotImplementedException(); }
protected void RemoveAuditRuleSpecific(ObjectAuditRule rule) { }
protected void SetAuditRule(ObjectAuditRule rule) { }
protected void RemoveAuditRuleAll(ObjectAuditRule rule) { }
protected bool RemoveAuditRule(ObjectAuditRule rule) { return default(bool); }
// // Modifies the SACL // private bool ModifyAudit(AccessControlModification modification, ObjectAuditRule rule, out bool modified) { bool result = true; if (_securityDescriptor.SystemAcl == null) { if (modification == AccessControlModification.Remove || modification == AccessControlModification.RemoveAll || modification == AccessControlModification.RemoveSpecific) { modified = false; return result; } //_securityDescriptor.SystemAcl = new SystemAcl(IsContainer, IsDS, GenericAcl.AclRevisionDS, 1); //_securityDescriptor.AddControlFlags(ControlFlags.SystemAclPresent); _securityDescriptor.AddSystemAcl(GenericAcl.AclRevisionDS, 1); } else if ((modification == AccessControlModification.Add || modification == AccessControlModification.Set || modification == AccessControlModification.Reset) && (rule.ObjectFlags != ObjectAceFlags.None)) { // // This will result in an object ace being added to the sacl, so the sacl revision must be AclRevisionDS // if (_securityDescriptor.SystemAcl.Revision < GenericAcl.AclRevisionDS) { // // we need to create a new sacl with the same aces as the existing one but the revision should be AclRevisionDS // byte[] binaryForm = new byte[_securityDescriptor.SystemAcl.BinaryLength]; _securityDescriptor.SystemAcl.GetBinaryForm(binaryForm, 0); binaryForm[0] = GenericAcl.AclRevisionDS; // revision is the first byte of the binary form _securityDescriptor.SystemAcl = new SystemAcl(IsContainer, IsDS, new RawAcl(binaryForm, 0)); } } SecurityIdentifier sid = rule.IdentityReference.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier; switch (modification) { case AccessControlModification.Add: //_securityDescriptor.SystemAcl.AddAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); _securityDescriptor.SystemAcl.AddAudit(sid, rule); break; case AccessControlModification.Set: //_securityDescriptor.SystemAcl.SetAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); _securityDescriptor.SystemAcl.SetAudit(sid, rule); break; case AccessControlModification.Reset: _securityDescriptor.SystemAcl.RemoveAudit(AuditFlags.Failure | AuditFlags.Success, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty); //_securityDescriptor.SystemAcl.SetAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); _securityDescriptor.SystemAcl.SetAudit(sid, rule); break; case AccessControlModification.Remove: //result = _securityDescriptor.SystemAcl.RemoveAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); result = _securityDescriptor.SystemAcl.RemoveAudit(sid, rule); break; case AccessControlModification.RemoveAll: result = _securityDescriptor.SystemAcl.RemoveAudit(AuditFlags.Failure | AuditFlags.Success, sid, -1, InheritanceFlags.ContainerInherit, 0, ObjectAceFlags.None, Guid.Empty, Guid.Empty); if (result == false) { Debug.Assert(false, "Invalid operation"); throw new Exception(); } break; case AccessControlModification.RemoveSpecific: //_securityDescriptor.SystemAcl.RemoveAuditSpecific(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); _securityDescriptor.SystemAcl.RemoveAuditSpecific(sid, rule); break; default: throw new ArgumentOutOfRangeException( "modification", SR.ArgumentOutOfRange_Enum); } modified = result; AuditRulesModified |= modified; return result; }
public bool RemoveAudit(SecurityIdentifier sid, ObjectAuditRule rule) { return(RemoveAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType)); }
protected bool RemoveAuditRule(ObjectAuditRule rule) { throw new NotImplementedException(); }
public void RemoveAuditSpecific(SecurityIdentifier sid, ObjectAuditRule rule) { RemoveAuditSpecific(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); }
public new void RemoveAuditRuleSpecific(ObjectAuditRule rule) { base.RemoveAuditRuleSpecific(rule); }
public void AddAudit(SecurityIdentifier sid, ObjectAuditRule rule) { AddAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); }
protected void SetAuditRule(ObjectAuditRule rule) { bool modified; ModifyAudit(AccessControlModification.Set, rule, out modified); }
private bool ModifyAudit(AccessControlModification modification, ObjectAuditRule rule, out bool modified) { bool flag = true; if (this._securityDescriptor.SystemAcl == null) { if (modification == AccessControlModification.Remove || modification == AccessControlModification.RemoveAll || modification == AccessControlModification.RemoveSpecific) { modified = false; return(flag); } this._securityDescriptor.SystemAcl = new SystemAcl(this.IsContainer, this.IsDS, GenericAcl.AclRevisionDS, 1); this._securityDescriptor.AddControlFlags(ControlFlags.SystemAclPresent); } else if ((modification == AccessControlModification.Add || modification == AccessControlModification.Set || modification == AccessControlModification.Reset) && (rule.ObjectFlags != ObjectAceFlags.None && (int)this._securityDescriptor.SystemAcl.Revision < (int)GenericAcl.AclRevisionDS)) { byte[] binaryForm = new byte[this._securityDescriptor.SystemAcl.BinaryLength]; this._securityDescriptor.SystemAcl.GetBinaryForm(binaryForm, 0); binaryForm[0] = GenericAcl.AclRevisionDS; this._securityDescriptor.SystemAcl = new SystemAcl(this.IsContainer, this.IsDS, new RawAcl(binaryForm, 0)); } SecurityIdentifier sid = rule.IdentityReference.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier; switch (modification) { case AccessControlModification.Add: this._securityDescriptor.SystemAcl.AddAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; case AccessControlModification.Set: this._securityDescriptor.SystemAcl.SetAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; case AccessControlModification.Reset: this._securityDescriptor.SystemAcl.RemoveAudit(AuditFlags.Success | AuditFlags.Failure, sid, -1, InheritanceFlags.ContainerInherit, PropagationFlags.None, ObjectAceFlags.None, Guid.Empty, Guid.Empty); this._securityDescriptor.SystemAcl.SetAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; case AccessControlModification.Remove: flag = this._securityDescriptor.SystemAcl.RemoveAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; case AccessControlModification.RemoveAll: flag = this._securityDescriptor.SystemAcl.RemoveAudit(AuditFlags.Success | AuditFlags.Failure, sid, -1, InheritanceFlags.ContainerInherit, PropagationFlags.None, ObjectAceFlags.None, Guid.Empty, Guid.Empty); if (!flag) { throw new SystemException(); } break; case AccessControlModification.RemoveSpecific: this._securityDescriptor.SystemAcl.RemoveAuditSpecific(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; default: throw new ArgumentOutOfRangeException("modification", Environment.GetResourceString("ArgumentOutOfRange_Enum")); } modified = flag; this.AuditRulesModified = this.AuditRulesModified | modified; return(flag); }
private bool ModifyAudit(AccessControlModification modification, ObjectAuditRule rule, out bool modified) { bool flag = true; if (base._securityDescriptor.SystemAcl == null) { if (((modification == AccessControlModification.Remove) || (modification == AccessControlModification.RemoveAll)) || (modification == AccessControlModification.RemoveSpecific)) { modified = false; return flag; } base._securityDescriptor.SystemAcl = new SystemAcl(base.IsContainer, base.IsDS, GenericAcl.AclRevisionDS, 1); base._securityDescriptor.AddControlFlags(ControlFlags.SystemAclPresent); } else if ((((modification == AccessControlModification.Add) || (modification == AccessControlModification.Set)) || (modification == AccessControlModification.Reset)) && ((rule.ObjectFlags != ObjectAceFlags.None) && (base._securityDescriptor.SystemAcl.Revision < GenericAcl.AclRevisionDS))) { byte[] binaryForm = new byte[base._securityDescriptor.SystemAcl.BinaryLength]; base._securityDescriptor.SystemAcl.GetBinaryForm(binaryForm, 0); binaryForm[0] = GenericAcl.AclRevisionDS; base._securityDescriptor.SystemAcl = new SystemAcl(base.IsContainer, base.IsDS, new RawAcl(binaryForm, 0)); } SecurityIdentifier sid = rule.IdentityReference.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier; switch (modification) { case AccessControlModification.Add: base._securityDescriptor.SystemAcl.AddAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; case AccessControlModification.Set: base._securityDescriptor.SystemAcl.SetAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; case AccessControlModification.Reset: base._securityDescriptor.SystemAcl.RemoveAudit(AuditFlags.Failure | AuditFlags.Success, sid, -1, InheritanceFlags.ContainerInherit, PropagationFlags.None, ObjectAceFlags.None, Guid.Empty, Guid.Empty); base._securityDescriptor.SystemAcl.SetAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; case AccessControlModification.Remove: flag = base._securityDescriptor.SystemAcl.RemoveAudit(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; case AccessControlModification.RemoveAll: flag = base._securityDescriptor.SystemAcl.RemoveAudit(AuditFlags.Failure | AuditFlags.Success, sid, -1, InheritanceFlags.ContainerInherit, PropagationFlags.None, ObjectAceFlags.None, Guid.Empty, Guid.Empty); if (!flag) { throw new SystemException(); } break; case AccessControlModification.RemoveSpecific: base._securityDescriptor.SystemAcl.RemoveAuditSpecific(rule.AuditFlags, sid, rule.AccessMask, rule.InheritanceFlags, rule.PropagationFlags, rule.ObjectFlags, rule.ObjectType, rule.InheritedObjectType); break; default: throw new ArgumentOutOfRangeException("modification", Environment.GetResourceString("ArgumentOutOfRange_Enum")); } modified = flag; base.AuditRulesModified |= modified; return flag; }
protected bool RemoveAuditRule(ObjectAuditRule rule) { bool flag2; if (rule == null) { throw new ArgumentNullException("rule"); } base.WriteLock(); try { bool flag; flag2 = this.ModifyAudit(AccessControlModification.Remove, rule, out flag); } finally { base.WriteUnlock(); } return flag2; }
protected bool RemoveAuditRule (ObjectAuditRule rule) { throw new NotImplementedException (); }
protected void SetAuditRule (ObjectAuditRule rule) { bool modified; ModifyAudit (AccessControlModification.Set, rule, out modified); }
protected void RemoveAuditRuleSpecific (ObjectAuditRule rule) { throw new NotImplementedException (); }
protected void AddAuditRule (ObjectAuditRule rule) { throw new NotImplementedException (); }
public new void SetAuditRule(ObjectAuditRule rule) { base.SetAuditRule(rule); }
protected void RemoveAuditRuleSpecific(ObjectAuditRule rule) { if (rule == null) { throw new ArgumentNullException("rule"); } Contract.EndContractBlock(); WriteLock(); try { bool modified; ModifyAudit(AccessControlModification.RemoveSpecific, rule, out modified); } finally { WriteUnlock(); } }
protected void RemoveAuditRuleSpecific (ObjectAuditRule rule) { bool modified; ModifyAudit (AccessControlModification.RemoveSpecific, rule, out modified); }
protected void RemoveAuditRuleSpecific(ObjectAuditRule rule) { throw new NotImplementedException(); }
protected bool RemoveAuditRule(ObjectAuditRule rule) { bool modified; return(ModifyAudit(AccessControlModification.Remove, rule, out modified)); }
public new void RemoveAuditRuleAll(ObjectAuditRule rule) { base.RemoveAuditRuleAll(rule); }
protected void RemoveAuditRuleSpecific(ObjectAuditRule rule) { bool modified; ModifyAudit(AccessControlModification.RemoveSpecific, rule, out modified); }
public new bool RemoveAuditRule(ObjectAuditRule rule) { return(base.RemoveAuditRule(rule)); }
public new void AddAuditRule(ObjectAuditRule rule) { base.AddAuditRule(rule); }
protected bool RemoveAuditRule (ObjectAuditRule rule) { bool modified; return ModifyAudit (AccessControlModification.Remove, rule, out modified); }