AccessPermission Properties

This topic alphabetically lists the properties that apply to the AccessPermission class.

AccessMask Property

A bitmask combining bit values representing the security access rights granted on a given object. The property behavior is as follows:

On an AccessPermission, the access rights are granted on a given object to the grantee specified on the access permission.
On an AccessPermissionDescription, the access rights are those that may be granted on a given object.

Metadata

AllowsDefaultChange: false
Cardinality: SINGLE
CopyToReservation: false
DataType: LONG
IsHidden: false
IsOrderable: false
IsSearchable: false
IsValueRequired: true
ModificationAccessRequired: WRITE
PersistenceType: NOT_PERSISTENT
PropertyDefaultInteger32: null
PropertyMaximumInteger32: null
PropertyMinimumInteger32: null
RequiresUniqueElements: false
Settability: READ_WRITE
TargetAccessRequired: READ

AccessType Property

Indicates the security access type (Allow or Deny) that a user has for a given AccessPermission object.

Metadata

AllowsDefaultChange: false
Cardinality: SINGLE
CopyToReservation: false
DataType: LONG
IsHidden: false
IsOrderable: false
IsSearchable: false
IsValueRequired: true
ModificationAccessRequired: WRITE
PersistenceType: NOT_PERSISTENT
PropertyDefaultInteger32: 1
PropertyMaximumInteger32: 2
PropertyMinimumInteger32: 1
RequiresUniqueElements: false
Settability: READ_WRITE
TargetAccessRequired: READ

ClassDescription Property

Specifies a ClassDescription object containing the fixed description (immutable metadata) of the class from which this object is instantiated.

Metadata

AllowsDefaultChange: false
Cardinality: SINGLE
CopyToReservation: false
DataType: OBJECT
DeletionAction: NONE
IsHidden: true
IsOrderable: false
IsSearchable: false
IsValueRequired: true
ModificationAccessRequired: WRITE
PersistenceType: NOT_PERSISTENT
ReflectiveProperty: null
RequiredClass: ClassDescription
RequiresUniqueElements: false
Settability: READ_ONLY
TargetAccessRequired: READ

GranteeName Property

The distinguished name (DN) or short name of the user or group to whom an access permission is granted.

Metadata

AllowsDefaultChange: false
Cardinality: SINGLE
CopyToReservation: false
DataType: STRING
IsHidden: false
IsOrderable: false
IsSearchable: false
IsValueRequired: true
MaximumLengthString: null
ModificationAccessRequired: WRITE
PersistenceType: NOT_PERSISTENT
RequiresUniqueElements: false
Settability: READ_WRITE
TargetAccessRequired: READ

GranteeType Property

Specifies whether a group or a user is being granted a permission.

Metadata

InheritableDepth Property

The maximum depth to which a permission (ACE) can be inherited. As the ACE gets inherited from a security parent, the value is decremented. Example values are as follows:

0 - No inheritance (this object only).
1 - This object and immediate children only.
-1 - This object and all children (infinite levels deep).
-2 - All children (infinite levels deep) but not this object.
-3 - Immediate children only; not this object.

A value of -2, -3, and less is only allowed on an ACE that is not inherited (that is, the PermissionSource value is SOURCE_DIRECT, SOURCE_DEFAULT, or SOURCE_TEMPLATE) and can be useful because that InheritableDepth value prevents the permission from affecting the security parent object itself. For instance, if the permission gave a user the DELETE right and the InheritableDepth value was -2, then the user would be able to delete security children objects that inherited that permission, but would not be able to delete the security parent object itself.

If the permission has been inherited (PermissionSource.SOURCE_PARENT), then the InheritableDepth value will always be 0, -1, 1, or other positive value greater than 1. The value will never be -2, -3, or other negative value less than -3.

For more information about inheritable depth values, see Security Inheritance.

Metadata

AllowsDefaultChange: false
Cardinality: SINGLE
CopyToReservation: false
DataType: LONG
IsHidden: false
IsOrderable: false
IsSearchable: false
IsValueRequired: true
ModificationAccessRequired: WRITE
PersistenceType: NOT_PERSISTENT
PropertyDefaultInteger32: 0
PropertyMaximumInteger32: 1
PropertyMinimumInteger32: -1
RequiresUniqueElements: false
Settability: READ_WRITE
TargetAccessRequired: READ

PermissionSource Property

Indicates the source of the given permission.

The source of access rights can be:

a security template
inheritance from a parent object
default access rights from the class from which the object was instantiated
direct application (that is, through programmatically setting permissions with a method call)
permissions originating from a security proxy

Metadata

AllowsDefaultChange: false
Cardinality: SINGLE
CopyToReservation: false
DataType: LONG
IsHidden: false
IsOrderable: false
IsSearchable: false
IsValueRequired: true
ModificationAccessRequired: WRITE
PersistenceType: NOT_PERSISTENT
PropertyDefaultInteger32: 0
PropertyMaximumInteger32: null
PropertyMinimumInteger32: null
RequiresUniqueElements: false
Settability: READ_ONLY
TargetAccessRequired: READ