Construct XML to Update Access Control Lists
To update the Access Control Lists of files in a file system, you must construct some XML that specifies the identifiers of the files to update, and provides information about how to change the ACL.
<identifiersXML>
  <identifier value="...">
    <acl_update>
      ...
    </acl_update>
  </identifier>
</identifiersXML>
In the identifier value attribute, replace "..." with the document identifier of the file that you want to update. A document identifier can be found in the AUTN_IDENTIFIER field of an indexed document.
You can update the ACLs of several files by including more than one identifier element in your XML:
<identifiersXML>
  <identifier value="...">
    <acl_update>
      ...
    </acl_update>
  </identifier>
  <identifier value="...">
    <acl_update>
      ...
    </acl_update>
  </identifier>
</identifiersXML>
The following table describes the XML elements that you can use in the acl_update element to specify how to change the ACL:
XML Element | Description | Permitted Occurrences |
---|---|---|
<break_inheritance/> | Add this element to your XML to prevent ACL settings being inherited from the parent object in the file system. If specified, this element must be the first child of | 0 or 1 |
<enable_inheritance/> | Add this element to your XML to inherit ACL settings from the parent object in the file system. If specified, this element must be the first child of This element accepts an optional | 0 or 1 |
<ace action="..."> | Add or remove an entry from the ACL. The The following child elements must all appear exactly once: | 0 or more |
The following example demonstrates how to change the ACL for a file:
- grant read permission to MYDOMAIN\user1
- grant read, write, execute, and delete permissions to MYDOMAIN\user2
- remove all "allow" permissions from MYDOMAIN\user3
<identifiersXML>
  <identifier value="...">
    <acl_update>
      <break_inheritance/>
      <ace action="add">
        <principal>MYDOMAIN\user1</principal>
        <principalType>DomainUser</principalType>
        <level>Read</level>
      </ace>
      <ace action="add">
        <principal>MYDOMAIN\user2</principal>
        <principalType>DomainUser</principalType>
        <level>Read, Write, Execute, Delete</level>
      </ace>
      <ace action="remove">
        <principal>MYDOMAIN\user3</principal>
        <principalType>DomainUser</principalType>
        <level>All</level>
      </ace>
    </acl_update>
  </identifier>
</identifiersXML>
The following example demonstrates how to change the ACL for a file, so that ACL entries are inherited from the parent object in the file system and all non-inherited entries are removed:
<identifiersXML>
  <identifier value="...">
    <acl_update>
      <enable_inheritance revert_acl="true"/>
    </acl_update>
  </identifier>
</identifiersXML>
NOTE: When you update an ACL, the file's last change time is updated to the current time (unless you provide a value for the LASTCHANGED metadata field, in which case that value is used instead). For more information about changing the last change time, see Construct XML to Update Dates.
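The structural rules from the table above can be checked before an ACL update is submitted. The following Python linter is an added example, not part of the product or its documentation; the function name lint_identifiers_xml is hypothetical, the sample input is constructed, and the accepted action values are assumed to be the two that appear in the examples on this page.

```python
import xml.etree.ElementTree as ET

INHERITANCE = {"break_inheritance", "enable_inheritance"}
ACE_CHILDREN = ("principal", "principalType", "level")
ACTIONS = {"add", "remove"}  # assumption: the two values used in the page's examples

def lint_identifiers_xml(xml_text):
    """Return a list of structural problems; an empty list means none found."""
    root = ET.fromstring(xml_text)
    if root.tag != "identifiersXML":
        return [f"root is <{root.tag}>, expected <identifiersXML>"]
    problems = []
    for n, ident in enumerate(root.findall("identifier"), start=1):
        where = f"identifier #{n}"
        if not ident.get("value"):
            problems.append(f"{where}: empty or missing value attribute")
        update = ident.find("acl_update")
        if update is None:
            problems.append(f"{where}: no <acl_update> element")
            continue
        for pos, child in enumerate(update):
            if child.tag in INHERITANCE:
                # Each inheritance element must be the first child, so a second
                # one (or one placed after an ace) is reported here.
                if pos != 0:
                    problems.append(f"{where}: <{child.tag}/> is not the first child")
            elif child.tag == "ace":
                if child.get("action") not in ACTIONS:
                    problems.append(f"{where}: ace action {child.get('action')!r} not recognised")
                for name in ACE_CHILDREN:
                    if len(child.findall(name)) != 1:
                        problems.append(f"{where}: ace needs exactly one <{name}>")
            else:
                problems.append(f"{where}: unexpected <{child.tag}> in acl_update")
    return problems

# Constructed sample: ace without a level, inheritance element in the wrong position.
BAD = r"""<identifiersXML>
  <identifier value="...">
    <acl_update>
      <ace action="add">
        <principal>MYDOMAIN\user1</principal>
        <principalType>DomainUser</principalType>
      </ace>
      <break_inheritance/>
    </acl_update>
  </identifier>
</identifiersXML>"""

if __name__ == "__main__":
    for problem in lint_identifiers_xml(BAD):
        print(problem)
```

The linter checks structure only; it does not validate the contents of the level element or confirm that the identifier exists in the index.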