18.3. ACI Structure
The aci attribute uses the following syntax:
(target_rule) (version 3.0; acl "ACL_name"; permission_rule bind_rules;)
target_rule specifies the entry, attributes, or set of entries and attributes for which to control access. For details, see Section 18.9, “Defining Targets”.
version 3.0 is a required string that identifies the ACI version.
acl "ACL_name" sets a name or string that describes the ACI.
permission_rule sets what rights, such as read or write, are allowed or denied. For details, see Section 18.10, “Defining Permissions”.
bind_rules specifies which rules must match during the bind to allow or deny access. For details, see Section 18.11, “Defining Bind Rules”.
Note
The permission and the bind rule pair are called an access control rule.
To efficiently set multiple access controls for a given target, you can set multiple access control rules for each target:
(target_rule)(version 3.0; acl "ACL_name"; permission_rule bind_rules; permission_rule bind_rules; ... ;)
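The following is an added example, not part of the original documentation: a small Python parser that splits an aci value into its target rules, ACL name, and access control rules, and rejects values that lack the required version 3.0 string or a terminating semicolon. The sample ACI is constructed and the function names are hypothetical; the allow|deny (rights) form of a permission rule is assumed from Directory Server's ACI syntax, which this section does not spell out.

```python
import re

# Constructed sample ACI, not taken from the page. The keywords (targetattr,
# targetfilter, allow, userdn) are assumed from Directory Server's ACI syntax.
SAMPLE_ACI = (
    '(targetattr = "telephoneNumber")(targetfilter = "(ou=People)") '
    '(version 3.0; acl "Phone self-service"; '
    'allow (write) userdn = "ldap:///self"; '
    'allow (read, search) userdn = "ldap:///all";)'
)
RULE = re.compile(r'(allow|deny)\s*\(([^)]*)\)\s*(.+)', re.S)

def top_level_groups(text):
    """Contents of each top-level (...) group; quoted parentheses are ignored."""
    groups, depth, start, quoted = [], 0, 0, False
    for i, ch in enumerate(text):
        if ch == '"':
            quoted = not quoted
        elif quoted:
            continue
        elif ch == '(':
            depth += 1
            if depth == 1:
                start = i + 1
        elif ch == ')':
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced ')'")
            if depth == 0:
                groups.append(text[start:i].strip())
    if depth or quoted:
        raise ValueError("unbalanced parentheses or quotes")
    return groups

def split_statements(body):
    """Split on ';' outside quotes; the last item is any text after the final ';'."""
    parts, buf, quoted = [], [], False
    for ch in body:
        quoted ^= (ch == '"')
        if ch == ';' and not quoted:
            parts.append(''.join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    return parts + [''.join(buf).strip()]

def parse_aci(aci):
    """Return the target rules, ACL name and access control rules of an ACI."""
    *targets, body = top_level_groups(aci)  # the last group is the (version ...;) block
    version, name, *rules, tail = split_statements(body)
    acl = re.fullmatch(r'acl\s+"([^"]*)"', name)
    parsed = [RULE.fullmatch(r) for r in rules]
    ok = ' '.join(version.split()) == 'version 3.0' and acl and not tail
    if not (ok and parsed and all(parsed)):
        raise ValueError("not a well-formed version 3.0 ACI")
    return {'targets': targets, 'name': acl.group(1), 'rules': [
        {'type': m.group(1), 'rights': [x.strip() for x in m.group(2).split(',')],
         'bind_rules': m.group(3).strip()} for m in parsed]}
```

Each entry in the returned rules list is one access control rule, that is, one permission and bind rule pair, so an ACI that sets several rules for the same target yields several entries.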