SecurityACLFormat
The format of your custom access control list (ACL). This parameter is used only by the AUTONOMY_SECURITY_V4_GENERIC_MAPPED
security type.
To define a generic security type, you must set SecurityACLFormat
and SecurityACLCheck. For more information, refer to the IDOL Document Security Administration Guide.
Specify the ACL Format
SecurityACLFormat=ACLFormatString
where,
Variable | Format |
---|---|
ACLFormatString
|
String ACLFormatFields String
|
ACLFormatFields
|
ACLField | ACLField NonEmptyString ACLFormatFields
|
ACLField
|
"<" ACLFieldName "=" Properties ">"
|
ACLFieldName
|
NonEmptyString
|
Properties
|
Property | Property Properties
|
Property
|
"B" | "D" | "S" | "L" | "E" | "X" | "C" | "+" | "-" | "!"
|
String
|
"" | NonEmptyString
|
NonEmptyString
|
Character String
|
Specify the Security Checks
SecurityACLCheck=ACLCheckString
where,
Variable | Format |
---|---|
ACLCheckString
|
CheckString | CheckString "," ACLCheckString
|
CheckString
|
ACLValue Operator UserValue "?" MatchAction ":" NoMatchAction
|
ACLValue
|
"'" String "'" | ACLFieldName
|
Operator
|
"=" | "~=" | "&=" | "~&=" | "=~" | "=&" | "=&~"
|
UserValue
|
String | "[" ValueType "]"
|
ValueType
|
"U" | "USER" | "G" | "GROUP" | "D" | "DOMAIN" | "DU" | "DOMAINUSER" | "DG" | "DOMAINGROUP" | "P" | "PASSWORD"
|
MatchAction
|
Action
|
NoMatchAction
|
Action
|
Action
|
"P" | "PASS" | "F" | "FAIL" | "C" | "-" | "CONTINUE" | PositiveInteger
|
Syntax
The following table defines the property types used in the SecurityACLFormat
configuration parameter. Acceptable types appear in parentheses.
Property | Definition |
---|---|
B
|
Boolean type (equivalent to Digit type) |
D
|
Digit type |
S
|
String type |
L
|
Comma-separated list (S) |
E
|
Encrypted (S) |
X
|
Escaped (S) |
C
|
Case insensitive (S) |
+
|
Positive terms (S) |
-
|
Negative terms (S) |
!
|
Everyone flag (B | D) |
The following table describes the operators that you can use between the ACLValue
and UserValue
in the SecurityACLCheck
configuration parameter:
Operator | Definition | Usage |
---|---|---|
=
|
Returns true if there is at least one match. | |
~=
|
Returns true if there is at least one match, or if there is nothing in the ACLValue to check. |
Valid only when the ACLValue field has the L (list) property. |
&=
|
Returns true only if every value in ACLValue matches a value in UserValue . There must be at least one match. |
Valid only when the UserValue is [G] , [GROUP] , [DG] , or [DOMAINGROUP] . |
~&=
|
Returns true if every value in ACLValue matches a value in UserValue , or if there is nothing in the ACLValue to check. |
Valid only when the UserValue is [G] , [GROUP] , [DG] , or [DOMAINGROUP] , and the ACLValue field has the L (list) property. |
=~
|
Returns true if there is at least one match, or if there is nothing in the UserValue to check. |
Valid only when the UserValue is [G] , [GROUP] , [DG] , or [DOMAINGROUP] . |
=&
|
Returns true only if every value in UserValue matches a value in ACLValue . There must be at least one match. |
Valid only when the UserValue is [G] , [GROUP] , [DG] , or [DOMAINGROUP] . |
=&~
|
Returns true if every value in UserValue matches a value in ACLValue , or if there is nothing in the UserValue to check. |
Valid only when the UserValue is [G] , [GROUP] , [DG] , or [DOMAINGROUP] . |
The following table describes the possible values of ValueType
in the SecurityACLCheck
configuration parameter:
Value Type | Definition |
---|---|
[U], [USER]
|
User name only |
[DU], [DOMAINUSER]
|
Domain\User name or User name if \ exists |
[G], [GROUP]
|
Group only |
[DG], [DOMAINGROUP]
|
Domain\Group or Group if \ exists |
[D], [DOMAIN]
|
Domain only |
[P], [PASSWORD]
|
Password only |
The following table describes the possible actions that can be used in the SecurityACLCheck
configuration parameter:
Action | Definition |
---|---|
F, FAIL
|
Fail |
P, PASS
|
Pass |
C, -, CONTINUE
|
Continue |
Number N
|
Skip the next N checks |
For more information, refer to the IDOL Document Security Administration Guide.
Type: | String |
Default: | |
Required: | Yes |
Configuration Section: | MySecurityType
|
Example: | SecurityACLFormat=<E=B!>:U:<U=SLE+>:G:<G=SLE+>:NU:<NU=SLE->:NG:<NG=SLE->
|
See Also: | SecurityACLCheck |