Access Permission Control Checks

An access ACL is identified by the keyword access_acl. The ACL name must be unique to be used with a DCOM access permissions item. An access ACL can contain one or more user entries.

Usage

<access_acl: ["name"]>
    <user: ["user_name"]>
        acl_inheritance: ["value"]
        acl_apply: ["value"]
        (optional) acl_allow: ["rights value"]
        (optional) acl_deny: ["rights value"]
    </user>
</acl>

Syntax

Associated Types

Allowed Types

acl_inheritance

  • not inherited
  • inherited

acl_apply

  • this object only

acl_allow, acl_deny

These settings are optional and are used to define the rights a user has on the object.

Generic rights:

  • local access
  • remote access
An example access control check is shown below:

<access_acl: "3">
    <user: "SELF">
        acl_inheritance: "not inherited"
        acl_apply: "This object only"
        acl_allow: "Local Access"
    </user>
    <user: "SYSTEM">
        acl_inheritance: "not inherited"
        acl_apply: "This object only"
        acl_allow: "Local Access"
    </user>
    <user: "Users">
        acl_inheritance: "not inherited"
        acl_apply: "This object only"
        acl_allow: "Local Access"
    </user>
</acl>
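The syntax and allowed values above can be checked mechanically before an audit file is deployed. The following linter is an added example, not part of the original documentation or the product. The function name lint_access_acl and the sample block are hypothetical, and it assumes case-insensitive value matching and that acl_inheritance and acl_apply are required (the page marks only acl_allow and acl_deny as optional).

```python
import re

# Allowed values as listed on the page. Matching is case-insensitive, an
# assumption based on the page's example ("This object only", "Local Access").
ALLOWED = {
    "acl_inheritance": {"not inherited", "inherited"},
    "acl_apply": {"this object only"},
    "acl_allow": {"local access", "remote access"},
    "acl_deny": {"local access", "remote access"},
}
REQUIRED = ("acl_inheritance", "acl_apply")  # acl_allow / acl_deny are optional

def lint_access_acl(text):
    """Return a list of problems in one access_acl block (empty list = clean)."""
    problems, user, seen = [], None, set()
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if (len(lines) < 2 or lines[-1] != "</acl>"
            or not re.fullmatch(r'<access_acl:\s*"[^"]+"\s*>', lines[0])):
        problems.append('block must start with <access_acl: "name"> and end with </acl>')
    for line in lines[1:-1]:
        if m := re.fullmatch(r'<user:\s*"([^"]+)"\s*>', line):
            if user is not None:
                problems.append(f"user {user!r} is not closed before {m.group(1)!r}")
            user, seen = m.group(1), set()
        elif line == "</user>" and user is not None:
            problems += [f"user {user!r} is missing {k}" for k in REQUIRED if k not in seen]
            user = None
        elif (m := re.fullmatch(r'(\w+):\s*(.*)', line)) and user is not None:
            key, values = m.group(1), re.findall(r'"([^"]*)"', m.group(2))
            if key not in ALLOWED:
                problems.append(f"user {user!r}: unknown keyword {key}")
                continue
            seen.add(key)
            if not values or any(v.lower() not in ALLOWED[key] for v in values):
                problems.append(f"user {user!r}: invalid value for {key}: {m.group(2)}")
        else:
            problems.append(f"unexpected line: {line}")
    if user is not None:
        problems.append(f"user {user!r} is not closed")
    return problems

# Constructed sample with two mistakes: no acl_inheritance, unsupported right.
SAMPLE = '''<access_acl: "demo">
<user: "Users">
acl_apply: "This object only"
acl_deny: "Full Control"
</user>
</acl>'''
print(*lint_access_acl(SAMPLE), sep="\n")
```

Run against the example ACL "3" shown above, the function returns an empty list.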