SecurityACLFormat

The format of your custom access control list (ACL). This parameter is used only by the AUTONOMY_SECURITY_V4_GENERIC_MAPPED security type.

To define a generic security type, you must set SecurityACLFormat and SecurityACLCheck. For more information, refer to the IDOL Document Security Administration Guide.

Specify the ACL Format

SecurityACLFormat=ACLFormatString

where,

Variable                Format
ACLFormatString         String ACLFormatFields String
   ACLFormatFields      ACLField | ACLField NonEmptyString ACLFormatFields
      ACLField          "<" ACLFieldName "=" Properties ">"
         ACLFieldName   NonEmptyString
         Properties     Property | Property Properties
            Property    "B" | "D" | "S" | "L" | "E" | "X" | "C" | "+" | "-" | "!"
   String               "" | NonEmptyString
      NonEmptyString    Character String

Specify the Security Checks

SecurityACLCheck=ACLCheckString

where,

Variable                Format
ACLCheckString          CheckString | CheckString "," ACLCheckString
   CheckString          ACLValue Operator UserValue "?" MatchAction ":" NoMatchAction
      ACLValue          "'" String "'" | ACLFieldName
      Operator          "=" | "~=" | "&=" | "~&=" | "=~" | "=&" | "=&~"
      UserValue         String | "[" ValueType "]"
         ValueType      "U" | "USER" | "G" | "GROUP" | "D" | "DOMAIN" | "DU" | "DOMAINUSER" | "DG" | "DOMAINGROUP" | "P" | "PASSWORD"
      MatchAction       Action
      NoMatchAction     Action
         Action         "P" | "PASS" | "F" | "FAIL" | "C" | "-" | "CONTINUE" | PositiveInteger

Syntax

The following table defines the property types used in the SecurityACLFormat configuration parameter. Acceptable types appear in parentheses.

Property   Definition
B          Boolean type (equivalent to Digit type)
D          Digit type
S          String type
L          Comma-separated list (S)
E          Encrypted (S)
X          Escaped (S)
C          Case insensitive (S)
+          Positive terms (S)
-          Negative terms (S)
!          Everyone flag (B | D)

The following table describes the operators that you can use between the ACLValue and UserValue in the SecurityACLCheck configuration parameter:

Operator   Definition   Usage
=          Returns true if there is at least one match.
~=         Returns true if there is at least one match, or if there is nothing in the ACLValue to check.
&=         Returns true only if every value in ACLValue matches a value in UserValue. There must be at least one match.   Valid only when the UserValue is [G], [GROUP], [DG], or [DOMAINGROUP].
~&=        Returns true if every value in ACLValue matches a value in UserValue, or if there is nothing in the ACLValue to check.   Valid only when the UserValue is [G], [GROUP], [DG], or [DOMAINGROUP].
=~         Returns true if there is at least one match, or if there is nothing in the UserValue to check.   Valid only when the UserValue is [G], [GROUP], [DG], or [DOMAINGROUP].
=&         Returns true only if every value in UserValue matches a value in ACLValue. There must be at least one match.   Valid only when the UserValue is [G], [GROUP], [DG], or [DOMAINGROUP].
=&~        Returns true if every value in UserValue matches a value in ACLValue, or if there is nothing in the UserValue to check.   Valid only when the UserValue is [G], [GROUP], [DG], or [DOMAINGROUP].

The following table describes the possible values of ValueType in the SecurityACLCheck configuration parameter:

Value Type            Definition
[U], [USER]           User name only
[DU], [DOMAINUSER]    Domain\User name or User name if \ exists
[G], [GROUP]          Group only
[DG], [DOMAINGROUP]   Domain\Group or Group if \ exists
[D], [DOMAIN]         Domain only
[P], [PASSWORD]       Password only

The following table describes the possible actions that can be used in the SecurityACLCheck configuration parameter:

Action           Definition
F, FAIL          Fail
P, PASS          Pass
C, -, CONTINUE   Continue
Number N         Skip the next N checks

For more information, refer to the IDOL Document Security Administration Guide.

Type: String
Default:  
Required: Yes
Configuration Section: MySecurityType
Example:
SecurityACLFormat=<E=B!>:U:<U=SLE+>:G:<G=SLE+>:NU:<NU=SLE->:NG:<NG=SLE->
SecurityACLCheck=NU=[DU]?F:-,NG=[DG]?F:-,E=1?P:-,U=[DU]?P:-,G=[DG]?P:F 
See Also: SecurityACLCheck
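
A configuration lint for the two parameters, written as an added example (it is not part of IDOL or of the original documentation): it checks a SecurityACLFormat value against the property table and a SecurityACLCheck value against the operator, value type and action tables above. The function names are hypothetical, and the code assumes that every field named in a check must be defined in the format, that literal text contains no "<" or ",", and that the longest matching operator applies.

```python
import re

STRING_ONLY = set("LEXC+-")  # per the property table: valid only on S fields
GROUP_ONLY_OPS = {"&=", "~&=", "=~", "=&", "=&~"}
GROUP_TYPES = {"G", "GROUP", "DG", "DOMAINGROUP"}
ACTIONS = {"P", "PASS", "F", "FAIL", "C", "-", "CONTINUE"}
FIELD_RE = re.compile(r"<([^=<>]+)=([BDSLEXC+\-!]+)>")
# Longest operators first, so "=&~" is not read as "=" plus a value "&~...".
CHECK_RE = re.compile(r"^('[^']*'|[^=~&']+?)(~&=|=&~|~=|&=|=~|=&|=)([^?]*)\?([^:]+):(.+)$")

def lint_format(fmt):
    """Return ({field: properties}, [problems]) for a SecurityACLFormat value."""
    fields, problems = {}, []
    found = FIELD_RE.findall(fmt)
    if fmt.count("<") != len(found):  # assumes "<" never occurs in literal text
        problems.append("a '<...>' field is malformed or uses an unknown property")
    for name, props in found:
        p = set(props)
        if p & STRING_ONLY and "S" not in p:
            problems.append(f"<{name}={props}>: {sorted(p & STRING_ONLY)} need S")
        if "!" in p and not p & {"B", "D"}:
            problems.append(f"<{name}={props}>: ! needs B or D")
        fields[name] = props
    return fields, problems

def lint_check(check, fields):
    """Return [problems] for a SecurityACLCheck value, given the format's fields."""
    problems = []
    # Assumes no "," inside quoted ACL values or literal user values.
    for i, item in enumerate(check.strip().split(","), 1):
        m = CHECK_RE.match(item)
        if not m:
            problems.append(f"check {i}: cannot parse {item!r}")
            continue
        acl, op, user, *actions = m.groups()
        if not acl.startswith("'") and acl not in fields:
            problems.append(f"check {i}: field {acl!r} not in SecurityACLFormat")
        vtype = user[1:-1] if user.startswith("[") and user.endswith("]") else None
        if op in GROUP_ONLY_OPS and vtype not in GROUP_TYPES:
            problems.append(f"check {i}: {op} needs a group UserValue, got {user!r}")
        for a in actions:
            if a not in ACTIONS and not (a.isdigit() and int(a) > 0):
                problems.append(f"check {i}: unknown action {a!r}")
    return problems

if __name__ == "__main__":
    # Constructed bad config: "+" on a non-string field, "&=" against [DU].
    f, probs = lint_format("<U=L+>")
    print(probs + lint_check("U&=[DU]?P:F", f))
```

Run against the example values on this page, both functions report no problems.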
