Name
authorisation right, authorisationright, kPMAuthorisationRight — An authorisation right.
Synopsis
authorisation right structure { signature, rule, default rule };
signature : string, default, length 1..255 |
rule : string, choice |
default rule : string, choice, optional |
Description
An authorisation right.
An authorisation right sets out rules for access a request or function.
Fields
signature. Unique signature of the right.
The signature maps the authorisation right to the internal request or function being authorised. Typically the signature is a combination of the lowercase object name, a period, and the lower case request name.
signature
is a string. If signature
is omitted, a default is created. signature
must be between 1
and 255
characters long, inclusive.
rule. Rule to enforce for right.
The rule is applied when an attempt to access this right occurs.
rule
is a string. rule
must be one of the following two constants:
- universal,
kPMAuthorisationRightRule_Universal
. - administrator,
kPMAuthorisationRightRule_Administrator
.
default rule. Default rule for right.
The rule associated with a right may be changed. Being able to identify if the right has been changed and what the original right was is useful for debugging and restoring engines to their default state.
default rule
is a string. default rule
is optional. default rule
must be one of the following two constants:
- universal,
kPMAuthorisationRightDefaultRule_Universal
. - administrator,
kPMAuthorisationRightDefaultRule_Administrator
.