Access Rules
Access rules are a type of special filter rule supported by the CBFilter and CBRegistry classes. Access rules instruct the class's system driver to automatically process certain requests automatically in a certain manner, without involving the class itself.
Like standard filter rules, access rules use either a file mask or a registry key mask to determine which operations should be handled automatically. For CBFilter, access rules can also include additional qualifiers like file size, attributes, etc.; but as with standard filter rules, the mask always takes precedence.
By adding a matching access rule, applications can effectively make one or more files or registry keys read-only, write-only, inaccessible, and/or protected from deletion. Since the desired access restrictions are enforced by the class's system driver, the application won't have to handle any events, which increases their overall performance and efficiency (especially if the application's sole purpose is access control).
Access rules have higher priority than standard filter rules, but they do not "hide" the latter. If a file/directory or registry key matches both an access rule and a standard filter rule, then the class's system driver makes any changes necessary to enforce the restriction(s) specified by the access rule, and then the class fires whatever events are specified by the standard filter rule.
The methods that the CBFilter and CBRegistry classs provide for managing standard filter rules are also used to manage access rules:
Access rules are stored in the same ruleset as standard filter rules. As the Filter Rules topic describes, each rule in a ruleset must have a unique mask; therefore, access rules and standard filter rules with the same mask are aggregated into a single rule. Knowledge of this behavior is helpful for understanding how the above methods work.Access rules are deactivated and deleted when the application exits. For use-cases where this is undesirable, applications may wish to use default rules instead; they provide the same functionality, but are managed by the class's system driver, and are thus enforced anytime it is loaded, regardless of whether the application itself is open.