
Access Permission Control Checks

An access ACL is identified by the keyword access_acl. The ACL name must be unique to be used with a DCOM access permissions item. An access ACL can contain one or more user entries.

Usage

<access_acl: ["name"]>
    <user: ["user_name"]>
        acl_inheritance: ["value"]
        acl_apply: ["value"]
        (optional) acl_allow: ["rights value"]
        (optional) acl_deny: ["rights value"]
    </user>
</acl>

Syntax

Associated Types    Allowed Types

acl_inheritance     not inherited
                    inherited

acl_apply           this object only

acl_allow           These settings are optional and are used to define the rights a user has on the object.
acl_deny
                    Generic rights:

                      • local access
                      • remote access

An example access control check is shown below:

<access_acl: "3">
    <user: "SELF">
        acl_inheritance: "not inherited"
        acl_apply: "This object only"
        acl_allow: "Local Access"
    </user>

    <user: "SYSTEM">
        acl_inheritance: "not inherited"
        acl_apply: "This object only"
        acl_allow: "Local Access"
    </user>

    <user: "Users">
        acl_inheritance: "not inherited"
        acl_apply: "This object only"
        acl_allow: "Local Access"
    </user>
</acl>
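The syntax rules above can be checked mechanically before an audit file is deployed. The Python linter below is an added example, not Tenable's code: the function name lint_access_acl is hypothetical, the sample block is constructed, and matching values case-insensitively is an assumption based on the table and the example differing in case.

```python
import re
# Allowed values from the Syntax table. Case-insensitive matching is an assumption:
# the page's table says "this object only", its example "This object only".
RIGHTS = {"local access", "remote access"}
ALLOWED = {"acl_inheritance": {"not inherited", "inherited"},
           "acl_apply": {"this object only"},
           "acl_allow": RIGHTS, "acl_deny": RIGHTS}
REQUIRED = ("acl_inheritance", "acl_apply")  # acl_allow / acl_deny are optional

def lint_access_acl(text):
    """Return findings for one access_acl block; an empty list means it is clean."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    findings, user, seen = [], None, set()
    if not lines or not re.fullmatch(r'<access_acl:\s*"[^"]+"\s*>', lines[0]):
        findings.append('block must open with <access_acl: "name">')
    if not lines or lines[-1] != "</acl>":
        findings.append("block must close with </acl>")
    for line in lines[1:-1]:
        if (m := re.fullmatch(r'<user:\s*"([^"]+)"\s*>', line)) and user is None:
            user, seen = m.group(1), set()
        elif line == "</user>" and user is not None:
            findings += [f"{user}: missing {k}" for k in REQUIRED if k not in seen]
            user = None
        elif (m := re.fullmatch(r'(\w+):\s*(.*)', line)) and user is not None:
            # Every quoted value on the line is checked (the page shows one per line).
            key, values = m.group(1), re.findall(r'"([^"]*)"', m.group(2))
            seen.add(key)
            if key not in ALLOWED:
                findings.append(f"{user}: unknown keyword {key}")
            elif not values or any(v.lower() not in ALLOWED[key] for v in values):
                findings.append(f"{user}: bad value for {key}: {m.group(2)}")
        else:
            findings.append(f"unexpected line: {line}")
    if user is not None:
        findings.append(f"{user}: <user> entry never closed")
    return findings

# Constructed sample: "Users" carries a right outside the table and omits acl_apply.
SAMPLE = '''<access_acl: "3">
<user: "SYSTEM">
acl_inheritance: "not inherited"
acl_apply: "This object only"
acl_allow: "Local Access"
</user>
<user: "Users">
acl_inheritance: "not inherited"
acl_allow: "Full Control"
</user>
</acl>'''
if __name__ == "__main__":
    print("\n".join(lint_access_acl(SAMPLE)) or "clean")
```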

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.