Service Access Control Checks

A service ACL is identified by the keyword service_acl. The ACL name must be unique to be used with a service permissions item. A service ACL can contain one or multiple user entry.

Usage

<service_acl: ["name"]>

<user: ["user_name"]>

acl_inheritance: ["value"]

acl_apply: ["value"]

(optional) acl_allow: ["rights value"]

(optional) acl_deny: ["rights value"]

</user>

</acl>

Syntax

Associated Types	Allowed Types
acl_inheritance	not inherited inherited not used
acl_apply	this object only
acl_allow acl_deny	These settings are optional and are used to define the rights a user has on the object. Generic rights: full control read start, stop and pause write delete Advanced rights: full control delete query template change template query status enumerate dependents start stop pause and continue interrogate user-defined control read permissions change permissions take ownership

Associated Types

Allowed Types

acl_inheritance

not inherited

inherited

not used

acl_apply

this object only

acl_allow

acl_deny

These settings are optional and are used to define the rights a user has on the object.

Generic rights:

full control
read
start, stop and pause
write
delete

Advanced rights:

full control
delete
query template
change template
query status
enumerate dependents
start
stop
pause and continue
interrogate
user-defined control
read permissions
change permissions
take ownership

An example service access control check is shown below:

<service_acl: "ALERT ACL">

<user: "Administrators">

acl_inheritance: "not inherited"

acl_apply: "This object only"

acl_allow: "query template" | "change template" | "query status" | "enumerate

control" | "delete" | "read permissions" | "change permissions" | "take

ownership"

</user>

</acl>