Access Permission Control Checks

An access ACL is identified by the keyword access_acl. The ACL name must be unique to be used with a DCOM access permissions item. An access ACL can contain one or multiple user entry.

Usage

<access_acl: ["name"]>

<user: ["user_name"]>

acl_inheritance: ["value"]

acl_apply: ["value"]

(optional) acl_allow: ["rights value"]

(optional) acl_deny: ["rights value"]

</user>

</acl>

Syntax

Associated Types	Allowed Types
acl_inheritance	not inherited inherited
acl_apply	this object only
acl_allow acl_deny	These settings are optional and are used to define the rights a user has on the object. Generic rights: local access remote access

Associated Types

Allowed Types

acl_inheritance

not inherited

inherited

acl_apply

this object only

acl_allow

acl_deny

These settings are optional and are used to define the rights a user has on the object.

Generic rights:

local access
remote access

An example access control check is shown below:

<access_acl: "3">

<user: "SELF">

acl_inheritance: "not inherited"

acl_apply: "This object only"

acl_allow: "Local Access"

</user>

<user: "SYSTEM">

acl_inheritance: "not inherited"

acl_apply: "This object only"

acl_allow: "Local Access"

</user>

<user: "Users">

acl_inheritance: "not inherited"

acl_apply: "This object only"

acl_allow: "Local Access"

</user>

</acl>