Access Permission Control Checks
An access ACL is identified by the keyword access_acl
. The ACL name must be unique to be used with a DCOM access
permissions item. An access ACL can contain one or multiple user entry.
Usage
<access_acl: ["name"]>
<user: ["user_name"]>
acl_inheritance: ["value"]
acl_apply: ["value"]
(optional) acl_allow: ["rights value"]
(optional) acl_deny: ["rights value"]
</user>
</acl>
Syntax
Associated Types |
Allowed Types |
---|---|
acl_inheritance |
not inherited inherited |
acl_apply |
this object only |
acl_allow acl_deny |
These settings are optional and are used to define the rights a user has on the object. Generic rights:
|
An example access control check is shown below:
<access_acl: "3">
<user: "SELF">
acl_inheritance: "not inherited"
acl_apply: "This object only"
acl_allow: "Local Access"
</user>
<user: "SYSTEM">
acl_inheritance: "not inherited"
acl_apply: "This object only"
acl_allow: "Local Access"
</user>
<user: "Users">
acl_inheritance: "not inherited"
acl_apply: "This object only"
acl_allow: "Local Access"
</user>
</acl>