Prev: Combine EXE and DLL
Next: setting FullTrust on LocalIntranet give not any effect
From: Tony Johansson on 21 May 2010 16:14
Hi

Can you specify any situation when this flag -exclusive on
is not used meaning that we use the UNION of all the permission from all
code groups to which it belongs ?
I can't see any such situation.

caspol -ag 1 -url file:///C:/test/* Internet -n InternetTest -exclusive on

//Tony


From: Alberto Poblacion on 22 May 2010 03:35
"Tony Johansson" <johansson.andersson(a)telia.com> wrote in message
news:OsqEBJS%23KHA.5808(a)TK2MSFTNGP02.phx.gbl...
> Can you specify any situation when this flag -exclusive on
> is not used meaning that we use the UNION of all the permission from all
> code groups to which it belongs ?
> I can't see any such situation.

For instance, you are loading an assembly from a server
(\\myServer\MyFolder\myProgram.exe). It doesn't have enough permissions to
run in your computer. For instance, it needs to access a database, which
isn't allowed by the default local_intranet permissions. So you use Caspol
to add the database permission. It doesn't have to be Exclusive; you still
want the application to receive the rest of the permissions that it gets
from other groups (such as presenting a UI on screen), without having to add
each and every permission to the group that you created for the purpose of
assigning database permissions.

 | 
Pages: 1
Prev: Combine EXE and DLL
Next: setting FullTrust on LocalIntranet give not any effect