This is a list of security rules defining which users from which hosts are allowed access using the specified methods to the current resource.
If no rules are provided, then by default all access is allowed, subject to any user authentication specified.
Config:/Security/Resource/*/Access/
| Setting | Explanation | Default / Example | Data Type | Access R,W,A,D |
|---|---|---|---|---|
| Protocol | A specification of a protocol to protect. Internet protocols include HTTP, FTP, Gopher, NNTP, POP3, and SMTP. Multiple specifications can be separated by the '\|' character. | HTTP | Text | R,W |
| Method | A specification of a Method within a Protocol to protect. For example, common HTTP methods are: Multiple specifications can be separated by the '\|' character. | GET | Text | R,W |
| SubMethod | A specification of a Sub-Method within a Protocol Method to protect. For example, the HTTP GET method has sub-methods of: Multiple specifications can be separated by the '\|' character. | EXEC | Text | R,W |
| Users | A specification of a user name or group name contained within the authentication realm. The user name is the login name of a user, with no wildcards allowed. A special name "valid-user" matches all user names in the realm. A group name must be contained in square brackets "[]", again with no wildcards allowed. If several users are mentioned within a single rule, the list of names must be separated by vertical bars "\|". | john\|simon\|[admin] | Text | R,W |
| Hosts | A specification of a host name or IP address. The host name is the name of a user's machine, including both the machine name and the domain name. A wildcard prefix is assumed, so that for example ".widget.com" matches "user.widget.com" and "server.widget.com" but not "alien.ufo.com". An IP address is specified in dotted decimal notation with a trailing wildcard assumed, so "65.43.21." will match "65.43.21.1" but not "65.43.210.1". If several hosts are mentioned within a single rule, the list of hosts must be separated by vertical bars "\|". | .widget.com\|65.43.21. | Text | R,W |
| Negate | If Negate is TRUE, any users who match the current rule are NOT allowed access. Subsequent rules within the table may override this setting. The final rule that matches is considered the last word on whether a user can access the resource. | FALSE | Integer | R,W |
| Stop | If Stop is TRUE and a user matches the current rule, no further rules in the table are considered when determining that user's access rights to the resource. Rules are always scanned from top to bottom, so re-ordering the rules will affect the behaviour of the access control. | TRUE | Integer | R,W |
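
The following Python model of the table's evaluation order is an added example, not the server's own code; it covers only the Users, Hosts, Negate and Stop columns. It assumes that a rule matches only when both Users and Hosts match, that host names compare case-insensitively, and it returns `None` when rules exist but none match, because this page does not define that case. The `Rule` class, function names and sample table are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Rule:                      # hypothetical model of one row of the Access table
    users: str                   # e.g. "john|simon|[admin]"
    hosts: str                   # e.g. ".widget.com|65.43.21."
    negate: bool = False
    stop: bool = False

def user_matches(spec, user, groups):
    for name in filter(None, spec.split("|")):
        if name.startswith("[") and name.endswith("]"):
            if name[1:-1] in groups:          # group name in square brackets
                return True
        elif name == "valid-user":
            if user:                          # any authenticated user in the realm
                return True
        elif name == user:                    # exact login name, no wildcards
            return True
    return False

def host_matches(spec, host, ip):
    for item in filter(None, spec.split("|")):
        if item.replace(".", "").isdigit():   # dotted decimal: trailing wildcard
            if ip.startswith(item):
                return True
        elif host.lower().endswith(item.lower()):  # host name: wildcard prefix
            return True
    return False

def evaluate(rules, user, groups, host, ip):
    """True = allowed, False = denied, None = rules exist but none matched
    (the page does not say what happens then)."""
    if not rules:
        return True                           # no rules: all access allowed
    decision = None
    for rule in rules:                        # always scanned top to bottom
        if user_matches(rule.users, user, groups) and host_matches(rule.hosts, host, ip):
            decision = not rule.negate        # the last matching rule wins...
            if rule.stop:                     # ...unless a matching rule says Stop
                break
    return decision

# Constructed sample table (users and hosts reuse the page's example values)
RULES = [
    Rule("valid-user", ".widget.com|65.43.21."),
    Rule("simon", ".widget.com", negate=True),
    Rule("[admin]", "65.43.21.", stop=True),
    Rule("john", ".widget.com|65.43.21.", negate=True),
]
```

Under the plain string matching assumed here, a Hosts entry written without its leading or trailing dot ("widget.com", "65.43.21") would also match "notwidget.com" and "65.43.210.1", so keep the dots when writing rules.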