DSL syntax: security store

The scripts that you can use with the SecurityControl feature to update the security store are formatted according to a domain-specific language (DSL). You can use the script builders provided in the APIs to create a script to update the security store. However, if you want to create the script by some other method, ensure that it conforms to the DSL.

Note: Instead of editing the Security.store file directly, you should use a client to update the security store information.

The following sections each describe the syntax for a single line of the script file.

Note: The path keyword is synonymous with the topic keyword used in previous releases of Diffusion™ Cloud. Both keywords are accepted. Prefer path.

Assigning global permissions to a role

Railroad diagram
A railroad diagram that describes the syntax used to assign globally scoped permissions to a role: SET role PERMISSIONS, followed by a comma-separated list of global permissions inside square brackets.
Backus-Naur form
set " role_name " permissions [ '[' global_permission [ , global_permission ] ']' ]
Example
set "ADMINISTRATOR" permissions [CONTROL_SERVER, VIEW_SERVER, VIEW_SECURITY, MODIFY_SECURITY]
set "CLIENT_CONTROL" permissions [VIEW_SESSION, MODIFY_SESSION, REGISTER_HANDLER]

Assigning default path permissions to a role

Railroad diagram
A railroad diagram that describes the syntax used to assign default path permissions to a role: SET role DEFAULT PATH PERMISSIONS, followed by a comma-separated list of path permissions inside square brackets.
Backus-Naur form
set " role_name " default path permissions [ '[' path_permission [ , path_permission ] ']' ]
Example
set "CLIENT" default path permissions [READ_TOPIC , SEND_TO_MESSAGE_HANDLER]

Assigning path permissions associated with a specific path to a role

Railroad diagram
A railroad diagram that describes the syntax used to assign permissions scoped to a specific path to a role: SET role PATH path PERMISSIONS, followed by a comma-separated list of path permissions inside square brackets.
Backus-Naur form
set " role_name " path " path " permissions [ '[' path_permission [ , path_permission ] ']' ]
Example
set "CLIENT" path "foo/bar" permissions [READ_TOPIC, SEND_TO_MESSAGE_HANDLER]
set "ADMINISTRATOR" path "foo" permissions [ MODIFY_TOPIC ]
set "CLIENT_CONTROL" path "foo" permissions [ ]

Removing all path permissions associated with a specific path from a role

Railroad diagram
A railroad diagram that describes the syntax used to remove permissions scoped to a specific path from a role: REMOVE role PERMISSIONS FOR PATH path.
Backus-Naur form
remove " role_name " permissions for path " path "
Example
remove "CLIENT" permissions for path "foo/bar"

Including roles within another role

Railroad diagram
A railroad diagram that describes the syntax used to include a role within another role: SET role INCLUDES, followed by a comma-separated list of roles inside square brackets.
Backus-Naur form
set " role_name " includes [ '[' " role_name " [ , " role_name " ] ']' ]
Example
set "ADMINISTRATOR" includes ["CLIENT_CONTROL" , "TOPIC_CONTROL"]
set "CLIENT_CONTROL" includes ["CLIENT"]

Assigning roles to a named session

Railroad diagram
A railroad diagram that describes the syntax used to assign roles to a session with a named principal: SET ROLES FOR NAMED SESSIONS, followed by a comma-separated list of roles inside square brackets.
Backus-Naur form
set roles for named sessions [ '[' " role_name " [ , " role_name " ] ']' ]
Example
set roles for named sessions ["CLIENT"]

Assigning roles to an anonymous session

Railroad diagram
A railroad diagram that describes the syntax used to assign roles to an anonymous session: SET ROLES FOR ANONYMOUS SESSIONS, followed by a comma-separated list of roles inside square brackets.
Backus-Naur form
set roles for anonymous sessions [ '[' " role_name " [ , " role_name " ] ']' ]
Example
set roles for anonymous sessions ["CLIENT"]
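
A pre-flight check for scripts created without the API script builders, added here as an example (it is not Diffusion's own code): it matches each line against the seven statement forms described above and reports the lines that do not conform. It assumes lowercase keywords as in the examples, uppercase permission identifiers, a bracketed list that may be empty, and names without embedded quotes; the function names and statement kind names are hypothetical.

```python
import re

# Assumptions: lowercase keywords as in the page's examples, names without embedded quotes.
ROLE = r'"([^"]+)"'
PATH_KW = r'(?:path|topic)'  # the page says both keywords are accepted
PERMS = r'\s*\[\s*((?:[A-Z][A-Z0-9_]*(?:\s*,\s*[A-Z][A-Z0-9_]*)*)?)\s*\]'
ROLES = r'\s*\[\s*((?:"[^"]+"(?:\s*,\s*"[^"]+")*)?)\s*\]'
# One pattern per statement form documented on the page; the kind names are hypothetical.
FORMS = [
    ("global_permissions", f'set {ROLE} permissions{PERMS}', ("role", "items")),
    ("default_path_permissions", f'set {ROLE} default {PATH_KW} permissions{PERMS}', ("role", "items")),
    ("path_permissions", f'set {ROLE} {PATH_KW} "([^"]+)" permissions{PERMS}', ("role", "path", "items")),
    ("remove_path_permissions", f'remove {ROLE} permissions for {PATH_KW} "([^"]+)"', ("role", "path")),
    ("includes", f'set {ROLE} includes{ROLES}', ("role", "items")),
    ("named_session_roles", f'set roles for named sessions{ROLES}', ("items",)),
    ("anonymous_session_roles", f'set roles for anonymous sessions{ROLES}', ("items",)),
]
COMPILED = [(k, re.compile(p.replace(" ", r"\s+")), f) for k, p, f in FORMS]

def parse_line(line):
    """Return a dict describing one statement, or raise ValueError."""
    text = line.strip()
    for kind, rx, fields in COMPILED:
        m = rx.fullmatch(text)
        if m:
            out = dict(zip(fields, m.groups()), kind=kind)
            if "items" in out:
                out["items"] = [i.strip().strip('"') for i in out["items"].split(",") if i.strip()]
            return out
    raise ValueError(f"not a recognised security store statement: {text!r}")

def check_script(script):
    """Return (parsed statements, [(line_number, message)]) for a whole script."""
    ok, errors = [], []
    for n, line in enumerate(script.splitlines(), 1):
        if line.strip():
            try:
                ok.append(parse_line(line))
            except ValueError as e:
                errors.append((n, str(e)))
    return ok, errors

# Constructed sample: statements in the page's style plus one malformed line (unquoted role).
SAMPLE = '''set "ADMINISTRATOR" permissions [CONTROL_SERVER, VIEW_SERVER]
set "CLIENT" topic "foo/bar" permissions [READ_TOPIC , SEND_TO_MESSAGE_HANDLER]
set "CLIENT_CONTROL" path "foo" permissions [ ]
set roles for anonymous sessions ["CLIENT"]
set CLIENT permissions [VIEW_SESSION]'''
STATEMENTS, ERRORS = check_script(SAMPLE)  # ERRORS holds one entry, for line 5
```

The check covers only the shape of each statement; it does not verify that a permission or role name exists.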