XML format
The body of an ACL has the XML elements shown below. The elements at each hierarchical level can occur in any order.
<?xml version="1.0" ?>
<accessControlList>
    <grant>
        <grantee>
            <type>(user|group)</type>
            <name>(hcp-username|
                active-directory-username|
                active-directory-group-name|
                all_users|
                authenticated)
            </name>
            If the name element specifies an Active Directory user or group, include the domain entry
            <domain>active-directory-domain</domain>
        </grantee>
        <permissions>
            Any combination of the following
            <permission>READ</permission>
            <permission>READ_ACL</permission>
            <permission>WRITE</permission>
            <permission>WRITE_ACL</permission>
            <permission>DELETE</permission>
        </permissions>
    </grant>
    Up to 999 additional grant elements
</accessControlList>
Here is an example of an ACL that grants read and write permission to all users and grants read, write, and delete permission to the tenant-level HCP user with the username lgreen:
<?xml version="1.0" ?>
<accessControlList>
    <grant>
        <grantee>
            <name>all_users</name>
            <type>group</type>
        </grantee>
        <permissions>
            <permission>READ</permission>
            <permission>WRITE</permission>
        </permissions>
    </grant>
    <grant>
        <grantee>
            <name>lgreen</name>
            <type>user</type>
        </grantee>
        <permissions>
            <permission>READ</permission>
            <permission>WRITE</permission>
            <permission>DELETE</permission>
        </permissions>
    </grant>
</accessControlList>
XML elements
The XML for an ACL has a single top-level accessControlList element. All ACLs must contain this element. The XML for an ACL also contains the elements listed in the table below.
Element | Values | Description |
grant | N/A | Container for the An ACL can contain up to one thousand |
grantee | N/A | Child of the grant element. Container for the name, type, and domain elements. |
name | One of: | Specifies the user or group of users to which the ACL grants permissions. HCP has two special groups that you can specify in an ACL: To grant permissions to one of these special groups, specify The Search Console returns an error if a given user or group is specified in more than one |
type | One of: | Specifies the type of the value specified in the The Search Console returns an error if the value of the |
domain | The name of an Active Directory domain | Specifies the Active Directory domain that contains the user account or group specified in the This element is required if the |
permissions | N/A | Container for any combination of permission entries. |
permission | One of: | Child of permissions entry. Specifies a permission granted to the user or group specified in the name entry. |
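The format rules above (the accessControlList root, the type and permission values, the limit on grant elements) can be checked before an ACL body is submitted. The following Python checker is an added example, not part of the HCP documentation or product; the function name audit_acl, the DOCTYPE rejection, and the warning on modifying permissions granted to the all_users and authenticated groups are assumptions of this example, not HCP behaviour.

```python
import xml.etree.ElementTree as ET

PERMISSIONS = {"READ", "READ_ACL", "WRITE", "WRITE_ACL", "DELETE"}
TYPES = {"user", "group"}
SPECIAL_GROUPS = {"all_users", "authenticated"}
MODIFYING = {"WRITE", "WRITE_ACL", "DELETE"}  # assumption: what a reviewer wants flagged
MAX_GRANTS = 1000  # one grant element plus "up to 999 additional"

def audit_acl(xml_text):
    """Return (errors, warnings) for an ACL body in the format described above."""
    errors, warnings = [], []
    if "<!DOCTYPE" in xml_text:  # an ACL body needs no DTD, so refuse entity definitions
        return ["DOCTYPE not allowed"], warnings
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed: {exc}"], warnings
    if root.tag != "accessControlList":
        return ["top-level element must be accessControlList"], warnings
    grants = root.findall("grant")
    if len(grants) > MAX_GRANTS:
        errors.append(f"{len(grants)} grant elements, limit is {MAX_GRANTS}")
    for i, grant in enumerate(grants, 1):
        # Child elements may appear in any order, so look them up by path.
        name = (grant.findtext("grantee/name") or "").strip()
        gtype = (grant.findtext("grantee/type") or "").strip()
        perms = [(p.text or "").strip() for p in grant.findall("permissions/permission")]
        if not name:
            errors.append(f"grant {i}: missing name")
        if gtype not in TYPES:
            errors.append(f"grant {i}: type must be user or group, got {gtype!r}")
        errors += [f"grant {i}: unknown permission {p!r}" for p in perms if p not in PERMISSIONS]
        # Review aid added by this example: surface broad grants to the special groups.
        risky = sorted(set(perms) & MODIFYING)
        if name in SPECIAL_GROUPS and risky:
            warnings.append(f"grant {i}: {name} has {', '.join(risky)}")
    return errors, warnings

# The example ACL from this page (all_users: READ, WRITE; lgreen: READ, WRITE, DELETE).
EXAMPLE_ACL = (
    '<?xml version="1.0" ?><accessControlList>'
    '<grant><grantee><name>all_users</name><type>group</type></grantee>'
    '<permissions><permission>READ</permission><permission>WRITE</permission></permissions></grant>'
    '<grant><grantee><name>lgreen</name><type>user</type></grantee>'
    '<permissions><permission>READ</permission><permission>WRITE</permission>'
    '<permission>DELETE</permission></permissions></grant></accessControlList>'
)

if __name__ == "__main__":
    print(audit_acl(EXAMPLE_ACL))
```

Run against the example ACL on this page, the checker reports no format errors and one warning for the WRITE permission granted to all_users.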