Name

authorisation right, authorisationright, kPMAuthorisationRight — An authorisation right.

Synopsis

authorisation right structure { signature, rule, default rule };
signature : string, default, length 1..255
rule : string, choice
default rule : string, choice, optional

Description

An authorisation right.

An authorisation right sets out rules for access a request or function.

Fields

signature. Unique signature of the right.

The signature maps the authorisation right to the internal request or function being authorised. Typically the signature is a combination of the lowercase object name, a period, and the lower case request name.

signature is a string. If signature is omitted, a default is created. signature must be between 1 and 255 characters long, inclusive.

rule. Rule to enforce for right.

The rule is applied when an attempt to access this right occurs.

rule is a string. rule must be one of the following two constants:

  • universal, kPMAuthorisationRightRule_Universal.
  • administrator, kPMAuthorisationRightRule_Administrator.

default rule. Default rule for right.

The rule associated with a right may be changed. Being able to identify if the right has been changed and what the original right was is useful for debugging and restoring engines to their default state.

default rule is a string. default rule is optional. default rule must be one of the following two constants:

  • universal, kPMAuthorisationRightDefaultRule_Universal.
  • administrator, kPMAuthorisationRightDefaultRule_Administrator.