Service Access Control Checks

A service ACL is identified by the keyword service_acl. The ACL name must be unique so that a service permissions item can refer to it. A service ACL can contain one or more user entries.

Usage

<service_acl: ["name"]>
  <user: ["user_name"]>
    acl_inheritance: ["value"]
    acl_apply: ["value"]
    (optional) acl_allow: ["rights value"]
    (optional) acl_deny: ["rights value"]
  </user>
</acl>

Syntax

Associated type: acl_inheritance

Allowed types:

  • not inherited
  • inherited
  • not used

Associated type: acl_apply

Allowed types:

  • this object only

Associated types: acl_allow, acl_deny

These settings are optional and are used to define the rights a user has on the object.

Generic rights:

  • full control
  • read
  • start, stop and pause
  • write
  • delete

Advanced rights:

  • full control
  • delete
  • query template
  • change template
  • query status
  • enumerate dependents
  • start
  • stop
  • pause and continue
  • interrogate
  • user-defined control
  • read permissions
  • change permissions
  • take ownership

An example service access control check is shown below:

<service_acl: "ALERT ACL">
  <user: "Administrators">
    acl_inheritance: "not inherited"
    acl_apply: "This object only"
    acl_allow: "query template" | "change template" | "query status" | "enumerate dependents" | "start" | "stop" | "pause and continue" | "interrogate" | "user-defined control" | "delete" | "read permissions" | "change permissions" | "take ownership"
  </user>
</acl>
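A misspelled right or value in a service_acl block is easy to miss when reviewing an audit file by eye. The following linter is an added example, not Tenable code: it checks one block against the allowed values listed on this page. The function name lint_service_acl is hypothetical, and two behaviours are assumptions: values are compared case-insensitively, and acl_inheritance and acl_apply are treated as required because the usage block marks only acl_allow and acl_deny as optional.

```python
import re

# Allowed values, copied from the lists on this page.
INHERITANCE = {"not inherited", "inherited", "not used"}
APPLY = {"this object only"}
GENERIC = {"full control", "read", "start, stop and pause", "write", "delete"}
ADVANCED = {"full control", "delete", "query template", "change template", "query status",
            "enumerate dependents", "start", "stop", "pause and continue", "interrogate",
            "user-defined control", "read permissions", "change permissions", "take ownership"}
RIGHTS = GENERIC | ADVANCED

def lint_service_acl(text):
    """Return a list of problems found in one service_acl block."""
    problems = []
    if not re.search(r'<service_acl\s*:\s*"[^"]+"\s*>', text):
        return ['missing <service_acl: "name"> header']
    if "</acl>" not in text:
        problems.append("missing closing </acl>")
    users = re.findall(r'<user\s*:\s*"([^"]+)"\s*>(.*?)</user>', text, re.S)
    if not users:
        problems.append("no <user> entry")
    for user, body in users:
        # keyword: "value" | "value" ...; a value list may wrap across lines.
        fields = {}
        for key, raw in re.findall(r'(acl_\w+)\s*:\s*((?:"[^"]*"[\s|]*)+)', body):
            # Assumption: compare case-insensitively, with whitespace collapsed.
            fields[key] = [" ".join(v.split()).lower() for v in re.findall(r'"([^"]*)"', raw)]
        for key, allowed in (("acl_inheritance", INHERITANCE), ("acl_apply", APPLY)):
            vals = fields.get(key)
            if not vals:  # assumption: required, since not marked optional
                problems.append(f"{user}: {key} is required")
            elif len(vals) != 1 or vals[0] not in allowed:
                problems.append(f"{user}: bad {key} value {vals}")
        for key in ("acl_allow", "acl_deny"):  # both optional
            for right in fields.get(key, []):
                if right not in RIGHTS:
                    problems.append(f"{user}: unknown right '{right}' in {key}")
    return problems

# Constructed sample: one right is misspelled on purpose.
SAMPLE = '''<service_acl: "ALERT ACL">
<user: "Administrators">
acl_inheritance: "not inherited"
acl_apply: "This object only"
acl_allow: "query status" | "start" | "userdefined control"
</user>
</acl>'''

if __name__ == "__main__":
    print(lint_service_acl(SAMPLE))
```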

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.