The XML for an ACL has a single top-level accessControlList element. All ACLs must contain this element. The XML for an ACL also contains the elements listed in the table below.
Element | Valid values | Description |
---|---|---|
grant | N/A | Container for the grantee and permissions elements. Identifies one user or one group of users and the permissions granted to that user or group. An ACL can contain up to one thousand grant elements. |
grantee | N/A | Child of the grant element. Container for the name, type, and domain elements. |
name | One of: • The username of a tenant-level user account that’s defined in HCP. • The username of an Active Directory user account. This can be either the user principal name or the Security Accounts Manager (SAM) account name for the AD user account. • The name of an Active Directory group. • all_users. • authenticated. | Specifies the user or group of users to which the ACL grants permissions. HCP has two special groups that you can specify in an ACL: • all_users — Grants permissions to all users, including those that access the namespace anonymously. • authenticated — Grants permissions to all authenticated users. To grant permissions to one of these special groups, specify group in the type element and omit the domain element. The Search Console returns an error if a given user or group is specified in more than one name element. |
type | One of: • user — The name element specifies an HCP or Active Directory user account. • group — The name element specifies an Active Directory group, all_users, or authenticated. | Specifies the type of the value specified in the name element. The Search Console returns an error if the value of the type element doesn’t correspond to the value of the name element. |
domain | The name of an Active Directory domain | Specifies the Active Directory domain that contains the user account or group specified in the name element. This element is required if the name element specifies an Active Directory user account or group. This element is invalid if the name element specifies the username of a user account that’s defined in HCP. |
permissions | N/A | Container for any combination of permission entries. |
permission | One of: • READ • READ_ACL • WRITE • WRITE_ACL • DELETE | Child of permissions entry. Specifies a permission granted to the user or group specified in the name entry. For more information on these permissions, see ACL permissions. |
© 2015 Hitachi Data Systems Corporation. All rights reserved.