In most cases, you use PrincipalPermission objects in the same way that you use code access security permission objects. However, some aspects of permission functionality are more useful than others. For example, you can call the Intersect method to intersect two PrincipalPermission objects, but intersection might not be very useful because identity and role are intersected independently to return a PrincipalPermission object that represents the identity and role common to the intersected objects. Therefore, in many cases, the returned object contains an empty string for the identity, the role, or both, and the object matches only an unauthenticated user (identity = "") or a user that does not belong to any roles (role = "").
Subset operations determine whether one PrincipalPermission object is a strict subset of another PrincipalPermission object. Effectively, this means that IsSubsetOf returns true only if either the identities and roles exactly match or if a role or identity is null. Therefore, IsSubsetOf has limited usefulness for this permission.
On the other hand, performing a Union operation on two PrincipalPermission objects can be useful when you want to compactly represent a set of conditions that you want to test, such as when you want to check for the presence of either one identity or another identity. For example, the following security check will succeed if the Principal object represents fred or sally in the role of Administrator.
String id1 = “fred”; String role1 = “Administrator”; PrincipalPermission myPrincipalPerm1 = new PrincipalPermission(id1, role1); String id2 = “sally”; String role2 = “Administrator”; PrincipalPermission myPrincipalPerm2 = new PrincipalPermission(id2, role2); (myPrincipalPerm1.Union(myPrincipalPerm2)).Demand();