Service Access Control Checks

A service ACL is identified by the keyword service_acl. The ACL name must be unique to be used with a service permissions item. A service ACL can contain one or more user entries.

Usage

<service_acl: ["name"]>
<user: ["user_name"]>
acl_inheritance: ["value"]
acl_apply: ["value"]
(optional) acl_allow: ["rights value"]
(optional) acl_deny: ["rights value"]
</user>
</acl>

Syntax

Associated Types and their Allowed Types:

acl_inheritance:

  • not inherited
  • inherited
  • not used

acl_apply:

  • this object only

acl_allow, acl_deny:

These settings are optional and are used to define the rights a user has on the object.

Generic rights:

  • full control
  • read
  • start, stop and pause
  • write
  • delete

Advanced rights:

  • full control
  • delete
  • query template
  • change template
  • query status
  • enumerate dependents
  • start
  • stop
  • pause and continue
  • interrogate
  • user-defined control
  • read permissions
  • change permissions
  • take ownership

An example service access control check is shown below:

<service_acl: "ALERT ACL">
<user: "Administrators">
acl_inheritance: "not inherited"
acl_apply: "This object only"
acl_allow: "query template" | "change template" | "query status" | "enumerate dependents" | "start" | "stop" | "pause and continue" | "interrogate" | "user-defined control" | "delete" | "read permissions" | "change permissions" | "take ownership"
</user>
</acl>
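A misspelled right or a missing keyword in a service_acl block is easy to overlook in review. The following linter is an added example, not part of the original documentation or of the product: it checks one block against the allowed values listed above. The function name lint_service_acl and the sample block are hypothetical. It assumes values are compared case-insensitively and that acl_inheritance and acl_apply are required because only acl_allow and acl_deny are marked optional.

```python
import re

# Allowed values copied from the lists on this page (compared case-insensitively).
ALLOWED = {"acl_inheritance": {"not inherited", "inherited", "not used"},
           "acl_apply": {"this object only"}}
RIGHTS = {
    "full control", "read", "start, stop and pause", "write", "delete",
    "query template", "change template", "query status", "enumerate dependents",
    "start", "stop", "pause and continue", "interrogate", "user-defined control",
    "read permissions", "change permissions", "take ownership",
}
ALLOWED["acl_allow"] = ALLOWED["acl_deny"] = RIGHTS

def lint_service_acl(text):
    """Hypothetical helper: return a list of problems in one service_acl block."""
    problems = []
    if not re.search(r'<service_acl\s*:\s*"[^"]+"\s*>', text):
        problems.append('missing <service_acl: "name"> header')
    users = re.findall(r'<user\s*:\s*"([^"]+)"\s*>(.*?)</user>', text, re.S)
    if not users:
        problems.append("no <user> entry")
    for user, body in users:
        seen = set()
        # Tolerate value lists that wrap over several lines: read up to the next keyword.
        for key, value in re.findall(r'(acl_\w+)\s*:(.*?)(?=acl_\w+\s*:|\Z)', body, re.S):
            seen.add(key)
            if key not in ALLOWED:
                problems.append(f"{user}: unknown keyword {key}")
                continue
            for item in re.findall(r'"([^"]*)"', value):
                norm = " ".join(item.split()).lower()  # undo line wraps inside quotes
                if norm not in ALLOWED[key]:
                    problems.append(f'{user}: {key} has unknown value "{norm}"')
        for required in ("acl_inheritance", "acl_apply"):
            if required not in seen:
                problems.append(f"{user}: missing {required}")
    return problems

# Constructed sample: a misspelled right and no acl_apply line.
BAD = '''<service_acl: "SAMPLE ACL">
<user: "Administrators">
acl_inheritance: "not inherited"
acl_allow: "start" | "stop" | "userdefined control" | "enumerate
dependents"
</user>
</acl>'''

if __name__ == "__main__":
    print("\n".join(lint_service_acl(BAD)))
```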