ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzahy_5.4.0.1/rzahyaclasyn.htm

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="dc.language" scheme="rfc1766" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights                   -->
<!-- Use, duplication or disclosure restricted by            -->
<!-- GSA ADP Schedule Contract with IBM Corp.                -->
<meta name="dc.date" scheme="iso8601" content="2005-09-06" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow"/>
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<title>Directory Server (LDAP) - The access control attribute syntax</title>
<link rel="stylesheet" type="text/css" href="ibmidwb.css" />
<link rel="stylesheet" type="text/css" href="ic.css" />
</head>
<body>
<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link --> 
<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>


<a name="rzahyaclasyn"></a>
<h4 id="rzahyaclasyn">The access control attribute syntax</h4>
<p>Each of these attributes can be managed using LDIF notation.  The syntax
for the new filter-based ACL attributes are modified versions of the current
non-filter-based ACL attributes. The following defines the syntax for the
ACI and entryOwner attributes using baccus naur form (BNF).</p>
<pre class="xmp"> &lt;aclEntry> ::=  &lt;subject> [ ":"  &lt;rights> ]

 &lt;aclPropagate> ::=  "true" | "false" </pre>
<pre class="xmp"> &lt;ibm-filterAclEntry> ::=  &lt;subject>  ":" &lt;object filter>  [ ":"  &lt;rights> ]

 &lt;ibm-filterAclInherit> ::=  "true" | "false"</pre>
<pre class="xmp"> &lt;entryOwner> ::=  &lt;subject>

 &lt;ownerPropagate> ::= "true" | "false"

 &lt;subject> ::= &lt;subjectDnType> ':' &lt;subjectDn> |
                        &lt;pseudoDn>

 &lt;subjectDnType> ::= "role" | "group" | "access-id"

 &lt;subjectDn> ::= &lt;DN>

 &lt;DN> ::= distinguished name as described in RFC 2251, section 4.1.3.

 &lt;pseudoDn> ::= "group:cn=anybody" | "group:cn=authenticated" |
                         "access-id:cn=this"
</pre>
<pre class="xmp"> &lt;object filter> ::= string search filter as defined in RFC 2254, section 4
                                 (extensible matching is not supported).</pre>
<pre class="xmp"> &lt;rights> ::= &lt;accessList> [":" &lt;rights> ]

 &lt;accessList> ::=  &lt;objectAccess> | &lt;attributeAccess> |
                            &lt;attributeClassAccess>

 &lt;objectAccess> ::= "object:" [&lt;action> ":"]  &lt;objectPermissions>

 &lt;action> ::= "grant" | "deny"

 &lt;objectPermisssions> ::=  &lt;objectPermission> [ &lt;objectPermissions> ]

 &lt;objectPermission> ::= "a" | "d" |  ""

 &lt;attributeAccess> ::= "at." &lt;attributeName> ":" [&lt;action> ":"]
                                &lt;attributePermissions>

 &lt;attributeName> ::= attributeType name as described in RFC 2251, section 4.1.4.
                        (OID or alpha-numeric string with leading
                         alphabet, "-" and ";" allowed)

 &lt;attributePermissions> ::=  &lt;attributePermission>
                                   [&lt;attributePermissions>]

 &lt;attributePermission> ::=  "r" | "w" | "s" | "c" |  ""

 &lt;attributeClassAccess> ::= &lt;class> ":" [&lt;action> ":"]
                                     &lt;attributePermissions>

 &lt;class> ::= "normal" | "sensitive" | "critical" | "system" | "restricted" 

</pre>
<a id="Bot_Of_Page" name="Bot_Of_Page"></a>
</body>
</html>
Add readme and dist folders 2024-04-02 14:02:31 +00:00			`<?xml version="1.0" encoding="utf-8"?>`
			`<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"`
			`"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">`
			`<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">`
			`<head>`
			`<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />`
			`<meta name="dc.language" scheme="rfc1766" content="en-us" />`
			`<!-- All rights reserved. Licensed Materials Property of IBM -->`
			`<!-- US Government Users Restricted Rights -->`
			`<!-- Use, duplication or disclosure restricted by -->`
			`<!-- GSA ADP Schedule Contract with IBM Corp. -->`
			`<meta name="dc.date" scheme="iso8601" content="2005-09-06" />`
			`<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />`
			`<meta name="security" content="public" />`
			`<meta name="Robots" content="index,follow"/>`
			`<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />`
			`<title>Directory Server (LDAP) - The access control attribute syntax</title>`
			`<link rel="stylesheet" type="text/css" href="ibmidwb.css" />`
			`<link rel="stylesheet" type="text/css" href="ic.css" />`
			`</head>`
			`<body>`
			`<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link -->`
			`<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>`


			`<a name="rzahyaclasyn"></a>`
			`<h4 id="rzahyaclasyn">The access control attribute syntax</h4>`
			`<p>Each of these attributes can be managed using LDIF notation. The syntax`
			`for the new filter-based ACL attributes are modified versions of the current`
			`non-filter-based ACL attributes. The following defines the syntax for the`
			`ACI and entryOwner attributes using baccus naur form (BNF).</p>`
			`<pre class="xmp"> <aclEntry> ::= <subject> [ ":" <rights> ]`

			`<aclPropagate> ::= "true" \| "false" </pre>`
			`<pre class="xmp"> <ibm-filterAclEntry> ::= <subject> ":" <object filter> [ ":" <rights> ]`

			`<ibm-filterAclInherit> ::= "true" \| "false"</pre>`
			`<pre class="xmp"> <entryOwner> ::= <subject>`

			`<ownerPropagate> ::= "true" \| "false"`

			`<subject> ::= <subjectDnType> ':' <subjectDn> \|`
			`<pseudoDn>`

			`<subjectDnType> ::= "role" \| "group" \| "access-id"`

			`<subjectDn> ::= <DN>`

			`<DN> ::= distinguished name as described in RFC 2251, section 4.1.3.`

			`<pseudoDn> ::= "group:cn=anybody" \| "group:cn=authenticated" \|`
			`"access-id:cn=this"`
			`</pre>`
			`<pre class="xmp"> <object filter> ::= string search filter as defined in RFC 2254, section 4`
			`(extensible matching is not supported).</pre>`
			`<pre class="xmp"> <rights> ::= <accessList> [":" <rights> ]`

			`<accessList> ::= <objectAccess> \| <attributeAccess> \|`
			`<attributeClassAccess>`

			`<objectAccess> ::= "object:" [<action> ":"] <objectPermissions>`

			`<action> ::= "grant" \| "deny"`

			`<objectPermisssions> ::= <objectPermission> [ <objectPermissions> ]`

			`<objectPermission> ::= "a" \| "d" \| ""`

			`<attributeAccess> ::= "at." <attributeName> ":" [<action> ":"]`
			`<attributePermissions>`

			`<attributeName> ::= attributeType name as described in RFC 2251, section 4.1.4.`
			`(OID or alpha-numeric string with leading`
			`alphabet, "-" and ";" allowed)`

			`<attributePermissions> ::= <attributePermission>`
			`[<attributePermissions>]`

			`<attributePermission> ::= "r" \| "w" \| "s" \| "c" \| ""`

			`<attributeClassAccess> ::= <class> ":" [<action> ":"]`
			`<attributePermissions>`

			`<class> ::= "normal" \| "sensitive" \| "critical" \| "system" \| "restricted"`

			`</pre>`
			`<a id="Bot_Of_Page" name="Bot_Of_Page"></a>`
			`</body>`
			`</html>`