ACL template

The ACL template defines the access level of user action.

The name that is used in the action refACL (reference ACL) is required and must be unique. This name cannot contain any of these special characters:

| / \ [ ] : ; | = , + * < > @ "

To configure:

  • host: This is the host name. If this is not specified, then all hosts are included.
  • version: This is the Cloverleaf version, for example, 19.1. If this is not specified, then all versions are included.
  • site: This is the site name. If this is not specified, then all sites are included.
  • masterSiteOnly. The default is false. If true, then do not specify site.

For example, to grant lookup table permission on sites named helloworld for all host servers whose version is 19.1, you can use:

<acl name="helloworld" versions="19.1" sites="helloworld">
 <user name="sample_user"> 
 <action tool="LookupTable" refACL="helloworld" />
 </user> 

Roles and users

To configure roles and users:

  • name: This is required and must be unique.
  • roles: This can be more than one role, separated by a comma.
  • remark: This is an added description.

For actions:

  • deleted: The default is false. When the level and tool name are the same, actions, or one action, can be deleted, as it is created/updated by default.
  • rights:
    • P: This indicates "grant" (default).
    • N: This indicates "deny".
  • actions: Actions are separated by a comma.

    This relates to buttons and actions in the tool. For example, open opens a tool, start starts a thread, and stop stops the thread.

  • tool: The tool name in the GUI. This is case-insensitive, for example, Netmonitor.
  • refACL: The reference ID of the ACL.