ACL body
The body of an ACL consists of entries in XML or JSON format.
XML format
The XML ACL body has the format shown below. Elements at each hierarchical level can be in any order.
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <accessControlList>
        <grant>
            <grantee>
                <type>(user|group)</type>
                <name>(hcp-username
                    |active-directory-username
                    |active-directory-group
                    |all_users
                    |authenticated)
                </name>
                If the name entry specifies an Active Directory user or group, include the domain element
                <domain>active-directory-domain</domain>
            </grantee>
            <permissions>
                Any combination of the following
                <permission>READ</permission>
                <permission>READ_ACL</permission>
                <permission>WRITE</permission>
                <permission>WRITE_ACL</permission>
                <permission>DELETE</permission>
            </permissions>
        </grant>
        Up to 999 additional grant elements
    </accessControlList>
JSON format
The JSON ACL body has the format shown below. Entries at each hierarchical level can be in any order.
    {
        "grant": [{
            "grantee": {
                "type":"(user|group)",
                "name":"(hcp-username
                    |active-directory-username
                    |active-directory-group
                    |all_users
                    |authenticated)"[,]
                If the name entry specifies an Active Directory user or group, include the domain entry
                "domain":"active-directory-domain"
            },
            "permissions": {
                "permission":[["READ"[,]|"READ_ACL"[,]|"WRITE"[,]
                    |"WRITE_ACL"[,]|"DELETE"]]
            }
        }]
        Up to 999 additional grant entries
    }
ACL contents
XML has a single top-level accessControlList element. JSON has a corresponding unnamed top-level object. All ACLs must contain this entry in their body. The top-level entry contains the entries listed in the table below.
Entry | Valid values | Description |
grant | N/A | Container for An ACL can contain up to one thousand |
grantee | N/A | Child of grant entry. Container for name, type, and domain entries. |
name | One of: | Specifies the user or group of users to which the ACL grants permissions. HCP has two special groups that you can specify in an ACL: To grant permissions to one of these special groups, specify HCP returns an HTTP 400 (Bad Request) error code if a user or group is specified in more than one |
type | One of: | Specifies the type of the value specified in the HCP returns an HTTP 400 (Bad Request) error code if the value of the |
domain | The name of an Active Directory domain | Specifies the Active Directory domain that contains the user account or group specified in the This entry is required if the |
permissions | N/A | Container for any combination of permission entries. |
permission | Any of: | Child of permissions entry. Specifies the permissions granted to the user or group specified in the name entry. |
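
A pre-submission check for a JSON ACL body, as an added example that is not HCP code: it validates the entry values listed above and flags grants that give the special groups modify rights. The function name `lint_acl`, the `RISKY` policy set, the reading of the duplicate rule as "same grantee in more than one grant entry", and the sample body are assumptions made for this example.

```python
import json

VALID_TYPES = {"user", "group"}
VALID_PERMS = {"READ", "READ_ACL", "WRITE", "WRITE_ACL", "DELETE"}
SPECIAL_GROUPS = {"all_users", "authenticated"}
MAX_GRANTS = 1000  # one grant plus "up to 999 additional"
RISKY = {"WRITE", "WRITE_ACL", "DELETE"}  # reviewer policy (assumption), not an HCP rule

def lint_acl(body):
    """Return (errors, warnings) for a JSON ACL body given as a string."""
    errors, warnings, seen = [], [], set()
    grants = json.loads(body).get("grant")
    if not isinstance(grants, list):
        return ["top-level object has no 'grant' array"], warnings
    if len(grants) > MAX_GRANTS:
        errors.append(f"{len(grants)} grants exceeds {MAX_GRANTS}")
    for i, grant in enumerate(grants):
        grantee = grant.get("grantee", {})
        gtype, name = grantee.get("type"), grantee.get("name")
        perms = grant.get("permissions", {}).get("permission", [])
        if isinstance(perms, str):  # tolerate a single unwrapped value
            perms = [perms]
        if gtype not in VALID_TYPES:
            errors.append(f"grant {i}: type {gtype!r} is not user or group")
        if not name:
            errors.append(f"grant {i}: grantee has no name")
        for p in sorted(set(perms) - VALID_PERMS):
            errors.append(f"grant {i}: unknown permission {p!r}")
        key = (gtype, name, grantee.get("domain"))
        if key in seen:  # assumption: a repeat across grant entries is what HCP rejects
            errors.append(f"grant {i}: {name!r} already has a grant")
        seen.add(key)
        if gtype == "group" and name in SPECIAL_GROUPS and RISKY & set(perms):
            held = ", ".join(sorted(RISKY & set(perms)))
            warnings.append(f"grant {i}: special group {name} holds {held}")
    return errors, warnings

# Constructed sample body, not taken from a real namespace.
SAMPLE = json.dumps({"grant": [
    {"grantee": {"type": "user", "name": "lgreen"},
     "permissions": {"permission": ["READ", "READ_ACL"]}},
    {"grantee": {"type": "group", "name": "all_users"},
     "permissions": {"permission": ["READ", "WRITE"]}},
    {"grantee": {"type": "user", "name": "lgreen"},
     "permissions": {"permission": ["EXECUTE"]}},
]})

if __name__ == "__main__":
    for line in sum(lint_acl(SAMPLE), []):
        print(line)
```

Errors correspond to bodies the format above does not allow; warnings are only the example's review policy and do not mean HCP would reject the ACL.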