DSL syntax: security store
The scripts that you can use with the SecurityControl feature to update the security store are formatted according to a domain-specific language (DSL). You can use the script builders provided in the APIs to create a script to update the security store. However, if you want to create the script by some other method, ensure that it conforms to the DSL.
Note: Instead of editing the Security.store file directly,
you should use a client to update the security store information.
The following sections each describe the syntax for a single line of the script file.
Note: The path keyword is synonymous with the topic keyword used in previous
releases of Diffusion™ Cloud. Both keywords are accepted. Prefer
path.
Assigning global permissions to a role
Railroad diagram
Backus-Naur
form
set
"
role_name
"
permissions
[
'['
global_permission
[
,
global_permission
]
']'
]
Example
set "ADMINISTRATOR" permissions [CONTROL_SERVER, VIEW_SERVER, VIEW_SECURITY, MODIFY_SECURITY] set "CLIENT_CONTROL" permissions [VIEW_SESSION, MODIFY_SESSION, REGISTER_HANDLER]
Assigning default path permissions to a role
Railroad diagram
Backus-Naur
form
set
"
role_name
"
default path permissions
[
'['
path_permission
[
,
path_permission
]
']'
]
Example
set "CLIENT" default path permissions [READ_TOPIC , SEND_TO_MESSAGE_HANDLER]
Assigning path permissions associated with a specific path to a role
Railroad diagram
Backus-Naur
form
set
"
role_name
"
path
"
path
"
permissions
[
'['
path_permission
[
,
path_permission
]
']'
]
Example
set "CLIENT" path "foo/bar" permissions [READ_TOPIC, SEND_TO_MESSAGE_HANDLER] set "ADMINISTRATOR" path "foo" permissions [ MODIFY_TOPIC ] set "CLIENT_CONTROL" path "foo" permissions [ ]
Removing all path permissions associated with a specific path to a role
Railroad diagram
Backus-Naur
form
remove
"
role_name
"
permissions for path
"
path
"
Example
remove "CLIENT" permissions for path "foo/bar"
Including roles within another role
Railroad diagram
Backus-Naur
form
set
"
role_name
"
includes
[
'['
"
role_name
"
[
,
"
role_name
"
]
']'
]
Example
set "ADMINISTRATOR" includes ["CLIENT_CONTROL" , "TOPIC_CONTROL"] set "CLIENT_CONTROL" includes ["CLIENT"]
Assigning roles to a named session
Railroad diagram
Backus-Naur
form
set roles for named sessions
[
'['
"
role_name
"
[
,
"
role_name
"
]
']'
]
Example
set roles for named sessions ["CLIENT"]
Assigning roles to an anonymous session
Railroad diagram
Backus-Naur
form
set roles for anonymous sessions
[
'['
"
role_name
"
[
,
"
role_name
"
]
']'
]
Example
set roles for anonymous sessions ["CLIENT"]
This page last modified: 2019/11/22