XML elements

The XML for an ACL has a single top-level accessControlList element. All ACLs must contain this element. The XML for an ACL also contains the elements listed below, each with its valid values and a description.

grant

Valid values: N/A

Description: Container for the grantee and permissions elements. Identifies one user or one group of users and the permissions granted to that user or group.

An ACL can contain up to one thousand grant elements.

grantee

Valid values: N/A

Description: Child of the grant element. Container for the name, type, and domain elements.

name

Valid values: One of:

- The username of a tenant-level user account that’s defined in HCP.
- The username of an Active Directory user account. This can be either the user principal name or the Security Accounts Manager (SAM) account name for the AD user account.
- The name of an Active Directory group.
- all_users.
- authenticated.

Description: Specifies the user or group of users to which the ACL grants permissions.

HCP has two special groups that you can specify in an ACL:

- all_users — Grants permissions to all users, including those that access the namespace anonymously
- authenticated — Grants permissions to all authenticated users

To grant permissions to one of these special groups, specify group in the type element and omit the domain element.

The Search Console returns an error if a given user or group is specified in more than one name element.

type

Valid values: One of:

- user — The name element specifies an HCP or Active Directory user account
- group — The name element specifies an Active Directory group, all_users, or authenticated

Description: Specifies the type of the value specified in the name element.

The Search Console returns an error if the value of the type element doesn’t correspond to the value of the name element.

domain

Valid values: The name of an Active Directory domain

Description: Specifies the Active Directory domain that contains the user account or group specified in the name element.

This element is required if the name element specifies an Active Directory user account or group. This element is invalid if the name element specifies the username of a user account that’s defined in HCP.

permissions

Valid values: N/A

Description: Container for any combination of permission elements.

permission

Valid values: One of:

- READ
- READ_ACL
- WRITE
- WRITE_ACL
- DELETE

Description: Child of the permissions element. Specifies a permission granted to the user or group specified in the name element.

For more information on these permissions, see ACL permissions.
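The rules above can be checked before an ACL is submitted. The following Python lint is an added example, not HCP code: the function name check_acl, the sample ACL, and the choice to identify a grantee by name plus domain are assumptions. It also flags any all_users grant that goes beyond READ, since that group includes anonymous access.

```python
import xml.etree.ElementTree as ET

PERMISSIONS = {"READ", "READ_ACL", "WRITE", "WRITE_ACL", "DELETE"}
SPECIAL_GROUPS = {"all_users", "authenticated"}

# Constructed sample ACL: grant 3 names an AD group but omits the domain element.
SAMPLE = """<accessControlList>
  <grant><grantee><name>lgreen</name><type>user</type></grantee>
    <permissions><permission>READ</permission><permission>WRITE</permission></permissions></grant>
  <grant><grantee><name>all_users</name><type>group</type></grantee>
    <permissions><permission>READ</permission><permission>DELETE</permission></permissions></grant>
  <grant><grantee><name>auditors</name><type>group</type></grantee>
    <permissions><permission>READ_ACL</permission></permissions></grant>
</accessControlList>"""

def check_acl(xml_text):
    """Return (errors, warnings) for an ACL document, per the element rules above."""
    errors, warnings, seen = [], [], set()
    root = ET.fromstring(xml_text)
    if root.tag != "accessControlList":
        return ["top-level element must be accessControlList"], warnings
    grants = root.findall("grant")
    if len(grants) > 1000:
        errors.append(f"{len(grants)} grant elements; the limit is 1000")
    for i, grant in enumerate(grants, 1):
        name = (grant.findtext("grantee/name") or "").strip()
        gtype = (grant.findtext("grantee/type") or "").strip()
        domain = grant.find("grantee/domain")
        perms = [(p.text or "").strip() for p in grant.findall("permissions/permission")]
        if not name:
            errors.append(f"grant {i}: missing name")
        if gtype not in ("user", "group"):
            errors.append(f"grant {i}: type must be user or group")
        if name in SPECIAL_GROUPS:
            if gtype != "group" or domain is not None:
                errors.append(f"grant {i}: {name} needs type group and no domain")
        elif gtype == "group" and domain is None:
            errors.append(f"grant {i}: Active Directory group {name} needs a domain")
        # Assumption: a grantee is identified by its name plus its domain (if any).
        key = (name, domain.text if domain is not None else None)
        if key in seen:
            errors.append(f"grant {i}: {name} appears in more than one name element")
        seen.add(key)
        errors.extend(f"grant {i}: unknown permission {p!r}" for p in perms if p not in PERMISSIONS)
        extra = sorted(set(perms) - {"READ"})
        if name == "all_users" and extra:
            warnings.append(f"grant {i}: all_users (includes anonymous access) holds {extra}")
    return errors, warnings
```

Calling check_acl(SAMPLE) reports the missing domain on grant 3 as an error and the DELETE permission held by all_users as a warning.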

© 2017 Hitachi Data Systems Corporation. All rights reserved.