SecurityACLFormat
The format of your custom access control list (ACL). This parameter is used only by the AUTONOMY_SECURITY_V4_GENERIC_MAPPED security type.
To define a generic security type, you must set SecurityACLFormat and SecurityACLCheck. For more information, refer to the Document Security Administration Guide.
Specify the ACL Format
SecurityACLFormat=ACLFormatString
where,
| Variable | Format |
|---|---|
ACLFormatString
|
String ACLFormatFields String
|
ACLFormatFields
|
ACLField | ACLField NonEmptyString ACLFormatFields
|
ACLField
|
"<" ACLFieldName "=" Properties ">"
|
ACLFieldName
|
NonEmptyString
|
Properties
|
Property | Property Properties
|
Property
|
"B" | "D" | "S" | "L" | "E" | "X" | "C" | "+" | "-" | "!"
|
String
|
"" | NonEmptyString
|
NonEmptyString
|
Character String
|
Specify the Security Checks
SecurityACLCheck=ACLCheckString
where,
| Variable | Format |
|---|---|
ACLCheckString
|
CheckString | CheckString "," ACLCheckString
|
CheckString
|
ACLValue Operator UserValue "?" MatchAction ":" NoMatchAction
|
ACLValue
|
"'" String "'" | ACLFieldName
|
Operator
|
"=" | "~=" | "&=" | "~&=" | "=~" | "=&" | "=&~"
|
UserValue
|
String | "[" ValueType "]"
|
ValueType
|
"U" | "USER" | "G" | "GROUP" | "D" | "DOMAIN" | "DU" | "DOMAINUSER" | "DG" | "DOMAINGROUP" | "P" | "PASSWORD"
|
MatchAction
|
Action
|
NoMatchAction
|
Action
|
Action
|
"P" | "PASS" | "F" | "FAIL" | "C" | "-" | "CONTINUE" | PositiveInteger
|
Syntax
The following table defines the property types used in the SecurityACLFormat configuration parameter. Acceptable types appear in parentheses.
| Property | Definition |
|---|---|
B
|
Boolean type (equivalent to Digit type) |
D
|
Digit type |
S
|
String type |
L
|
Comma-separated list (S) |
E
|
Encrypted (S) |
X
|
Escaped (S) |
C
|
Case insensitive (S) |
+
|
Positive terms (S) |
-
|
Negative terms (S) |
!
|
Everyone flag (B | D) |
The following table describes the operators that you can use between the ACLValue and UserValue in the SecurityACLCheck configuration parameter:
| Operator | Definition | Usage |
|---|---|---|
=
|
Returns true if there is at least one match. | |
~=
|
Returns true if there is at least one match, or if there is nothing in the ACLValue to check. |
|
&=
|
Returns true only if every value in ACLValue matches a value in UserValue. There must be at least one match. |
Valid only when the UserValue is [G], [GROUP], [DG], or [DOMAINGROUP]. |
~&=
|
Returns true if every value in ACLValue matches a value in UserValue, or if there is nothing in the ACLValue to check. |
Valid only when the UserValue is [G], [GROUP], [DG], or [DOMAINGROUP]. |
=~
|
Returns true if there is at least one match, or if there is nothing in the UserValue to check. |
Valid only when the UserValue is [G], [GROUP], [DG], or [DOMAINGROUP]. |
=&
|
Returns true only if every value in UserValue matches a value in ACLValue. There must be at least one match. |
Valid only when the UserValue is [G], [GROUP], [DG], or [DOMAINGROUP]. |
=&~
|
Returns true if every value in UserValue matches a value in ACLValue, or if there is nothing in the UserValue to check. |
Valid only when the UserValue is [G], [GROUP], [DG], or [DOMAINGROUP]. |
The following table describes the possible values of ValueType in the SecurityACLCheck configuration parameter:
| Value Type | Definition |
|---|---|
[U], [USER]
|
User name only |
[DU], [DOMAINUSER]
|
Domain\User name or User name if \ exists |
[G], [GROUP]
|
Group only |
[DG], [DOMAINGROUP]
|
Domain\Group or Group if \ exists |
[D], [DOMAIN]
|
Domain only |
[P], [PASSWORD]
|
Password only |
The following table describes the possible actions that can be used in the SecurityACLCheck configuration parameter:
| Action | Definition |
|---|---|
F, FAIL
|
Fail |
P, PASS
|
Pass |
C, -, CONTINUE
|
Continue |
Number N
|
Skip the next N checks |
For more information, refer to the Document Security Administration Guide.
| Type: | String |
| Default: | |
| Required: | Yes |
| Configuration Section: | MySecurityType
|
| Example: | SecurityACLFormat=<E=B!>:U:<U=SLE+>:G:<G=SLE+>:NU:<NU=SLE->:NG:<NG=SLE->
|
| See Also: | SecurityACLCheck |