The common language runtime grants permissions to both application domains and assemblies. The permission-granting process can involve one or both of the following steps:
Compute the allowed permission set.
- At load time, the runtime determines the set of permissions that each policy level allows the code to have.
- The runtime then intersects the allowed permission sets for each relevant policy level, resulting in one set of allowed permissions for the application ___domain or assembly.
Determine the granted permissions.
The runtime compares the final set of allowed permissions with the permissions that the assembly requests, which results in a set of permissions that is granted to the assembly. This step does not apply to permission grants for application domains.