2.2.3.1 AccessControlEntry

Target namespace: http://schemas.microsoft.com/windows/2007/BusinessDataCatalog/Resources

Referenced by: AccessControlList

A complex type that specifies an ACE to specify access rights for the parent element.

Child Elements:

Right: A Right element (section 2.2.3.33) that specifies the permissions available to the security principal.

Attributes:

Principal: An xs:string attribute that specifies the name of the security principal. The value for this attribute MUST be as specified by the following ABNF.

 principal = windows / membership / role / claim
 windows = ["Windows" %x7C] ((domain "\") / "") domainAccount
 membership = "Membership" %x7C membershipIssuer %x7C ((domain "\") / "") 
           domainAccount 
 role = ["Role" %x7C] roleIssuer %x7C ((domain "\") / "") domainAccount 
 claim = "STS" %x7C trustedSTS %x7C claimType %x7C claimValue %x7C 
           claimValueType
 claimValueType = "String"

The domain rule is the domain name of the security principal.

The domainAccount rule corresponds to the domain account of the security principal.

The membershipIssuer rule conforms to the format of an original issuer as specified in [MS-SPSTWS] section 2.2.2.

The roleIssuer rule conforms to the format of an original issuer as specified in [MS-SPSTWS] section 2.2.2.

The trustedSTS rule conforms to the trusted STS as specified in [MS-SPSTWS] section 2.2.2.

The claimType rule is the claim type URI as specified in [MS-SPSTWS] section 2.2.2.

The claimValue is a claim value.

The following W3C XML Schema ([XMLSCHEMA1/2] section 2.1) fragment specifies the contents of this complex type.

 <xs:complexType name="AccessControlEntry">
   <xs:sequence>
     <xs:element name="Right" type="bdc:Right" minOccurs="1" maxOccurs="unbounded"/>
   </xs:sequence>
   <xs:attribute name="Principal" type="xs:string" use="required"/>
 </xs:complexType>

See section 5.2 for the full W3C XML Schema ([XMLSCHEMA1/2] section 2.1).