ARoad0.CNot
Interface AccessControlLink

All Known Implementing Classes:
AccessControlLinkImpl

public interface AccessControlLink

This interface is responsible for defining the 20 link types used for qualifying the access control link between two base objects. Only AclEntries and Privileges may define negative rights, in other words, provide some access forbiddings. These negative rights may be propagated in GLOBAL links. SPREAD is a type without any rights, since its comment is used for the 'See why' text. Another types have no rights. Caution: a MANDATORY RULE to comply with is that an AccessControlLink type must have the lenght close to its name lenght, since the AccessControlLinkImpl methods use the variable lenght as criterion. There are 4 criterion in the tests: 'greater than 5', 'lesser than 6', 'lesser than 9' and 'greater than 11'. Beside the link types, there are 12 comments which are started with 'C_'. They are used in the 'See why' texts of the views

See Also:
AccessControlLinkImpl

Field Summary
static java.lang.String ACL
          link type 'acl', associated to an AclEntry between 2 base objects which are the access control link ends.
static java.lang.String BRIDGE
          pseudo-structural link type 'bridge', used for inter-ACS bridge relations. '[]' is used for structural and pseudo-structural links when there are rights.
static java.lang.String C_CONDITIONAL_ACL
          For the ACL types, this is a comment to say that there is at least one conditional ACL.
static java.lang.String C_CONTROL_OTHER_ACS
          For the ACL and Privilege types, this is a comment to say that an ACS controls another ACS.
static java.lang.String C_COPIED_FROM_LINK
          For the Global type, this is a comment to say that the link has negative rights which are copied from another DisplayableLinkImpl(s).
static java.lang.String C_FIRST_RATE
          For the Global type, this is a comment to say that this is the link to display with a double with.
static java.lang.String C_INHERITED_ACL
          For the ACL types, this is a comment to say that there are rights from inherited ACLs.
static java.lang.String C_INHERITED_AG
          This is a comment to say that this is there are inherited AG rights.
static java.lang.String C_INHERITED_PRI
          For the Privilege types, this is a comment to say that there are rights from inherited Privileges.
static java.lang.String C_MAY_SET_USER_GROUP
          For the ALIAS type, this is a comment to say that the AG context of execution is may have been changed for the UserID and the GroupID.
static java.lang.String C_RECEIVE_ALIAS_RIGHTS
          For the ALIAS type, this is a comment to say that the received rights of the alias are transfered to the alias reference.
static java.lang.String C_SECONDARY_GROUP
          For the GLOBAL type, this is a comment to say that is for a secondary group.
static java.lang.String C_SET_GROUP
          For the CONTAIN or the ALIAS type, this is a comment to say that the AG context of execution is changed for the UserID.
static java.lang.String C_SET_USER
          For the OWNER or the ALIAS type, this is a comment to say that the AG context of execution is changed for the UserID.
static java.lang.String C_WEAK_LINK
          For the GLOBAL and the CONTAIN types, this is a comment to say that the first link, for a couple of nodes, is found with some restricted data.
static java.lang.String CONTAIN
          Pseudo-structural link type 'contain', associated to a GroupID which contains a Resource.
static java.lang.String DATA_EXCHANGE
          pseudo-structural link type 'data exchange', between 2 processes which may exchange some data.
static java.lang.String GLOBAL
          link type 'global', used for an actor which is running under a secondary group, or for a first rate link with the comment C_FIRST_RATE, or by some AcsAddon for comments on specific cases.
static java.lang.String HAS_CHILD
          structural link type 'has child', from a Node to one child which is directly under this node.
static java.lang.String HAS_VIRTUAL_MEMBER
          structural link type 'has virtual member', from a VirtualFolder to one ACSObject which belongs to this folder.
static java.lang.String IS_ALIAS
          structural link type 'alias' associated to an Alias link from an alias to its reference. '[]' is used for structural and pseudo-structural links when there are rights.
static java.lang.String IS_INDIRECT_MEMBER
          structural link type 'is indirect member', from a GroupIDMember to a GroupID like 'is member', but through some intermediate GroupID(s).
static java.lang.String IS_MEMBER
          structural link type 'member of', from a GroupIDMember to a GroupID.
static java.lang.String LAUNCH
          structural link type 'launch' from a launcher to an active process.
static java.lang.String LPRI
          link type 'linkedPriv', associated to a Privilege between 2 base objects.
static java.lang.String NEG_ACL
          link type 'negativeAcl', associated to a negative AclEntry between 2 base objects.
static java.lang.String NEG_LPRI
          link type 'negativeLinkedPriv', associated to a negative Privilege between 2 base objects.
static java.lang.String NEG_TPRI
          link type 'negativeTypedPriv', associated to a negative Privilege between 2 base objects.
static java.lang.String NO_LESS_COMPLIANCE
          For the NoThan view rights, to indicate when the No-Less-Than right criteria is not fullfilled by the Eligible Parties set.
static java.lang.String NO_MORE_COMPLIANCE
          For the NoThan view rights, to indicate when the No-More-Than right criteria is not fullfilled by the Eligible Parties set.
static java.lang.String OWNER
          pseudo-structural link type 'owner', associated to an owning relation between an UserID and a Resource. '[]' is used for structural and pseudo structural links when there are rights.
static java.lang.String RUN_UNDER
          structural link type 'runs under', associated to a process an Actor which starts in the context of an account, a group or a secondary group, taking the account/group rights through this context.
static java.lang.String SOFT_RUN_UNDER
          structural link type 'soft runs under', associated to a process (an Actor, a VirtualFolder) which receives the context of an account, a group or a secondary group through an access path, taking the account/group rights through this context.
static java.lang.String SPREAD
          link type 'spread', associated to an applicable relation implying two base objects.
static java.lang.String TPRI
          link type 'typedPriv', associated to a Privilege between 2 base objects.
 

Field Detail

GLOBAL

static final java.lang.String GLOBAL
link type 'global', used for an actor which is running under a secondary group, or for a first rate link with the comment C_FIRST_RATE, or by some AcsAddon for comments on specific cases. May have negative rights.

See Also:
C_SECONDARY_GROUP, Constant Field Values

BRIDGE

static final java.lang.String BRIDGE
pseudo-structural link type 'bridge', used for inter-ACS bridge relations. '[]' is used for structural and pseudo-structural links when there are rights.

See Also:
Constant Field Values

ACL

static final java.lang.String ACL
link type 'acl', associated to an AclEntry between 2 base objects which are the access control link ends. Used for inner-ACS and inter-ACS relations.

See Also:
Constant Field Values

NEG_ACL

static final java.lang.String NEG_ACL
link type 'negativeAcl', associated to a negative AclEntry between 2 base objects.

See Also:
Constant Field Values

OWNER

static final java.lang.String OWNER
pseudo-structural link type 'owner', associated to an owning relation between an UserID and a Resource. '[]' is used for structural and pseudo structural links when there are rights.

See Also:
Constant Field Values

CONTAIN

static final java.lang.String CONTAIN
Pseudo-structural link type 'contain', associated to a GroupID which contains a Resource. This may be a weak link when the ACS policy specifies that other links are stronger, like for instance OWNER in a Linux-Unix operating system. This link is not applicable from a GroupID to a GroupIDMember, since there are no actions is that case (see IS_MEMBER). '[]' is used for structural and pseudo-structural links when there are rights.

See Also:
Constant Field Values

SPREAD

static final java.lang.String SPREAD
link type 'spread', associated to an applicable relation implying two base objects. The comment for the 'See why' text is set in the SPREAD comments of the last AccessControlLink of each DisplayableLink. This is the only type which has no rights.

See Also:
Constant Field Values

IS_MEMBER

static final java.lang.String IS_MEMBER
structural link type 'member of', from a GroupIDMember to a GroupID.

See Also:
Constant Field Values

IS_INDIRECT_MEMBER

static final java.lang.String IS_INDIRECT_MEMBER
structural link type 'is indirect member', from a GroupIDMember to a GroupID like 'is member', but through some intermediate GroupID(s).

See Also:
Constant Field Values

HAS_CHILD

static final java.lang.String HAS_CHILD
structural link type 'has child', from a Node to one child which is directly under this node.

See Also:
Constant Field Values

NO_MORE_COMPLIANCE

static final java.lang.String NO_MORE_COMPLIANCE
For the NoThan view rights, to indicate when the No-More-Than right criteria is not fullfilled by the Eligible Parties set.

See Also:
Constant Field Values

NO_LESS_COMPLIANCE

static final java.lang.String NO_LESS_COMPLIANCE
For the NoThan view rights, to indicate when the No-Less-Than right criteria is not fullfilled by the Eligible Parties set.

See Also:
Constant Field Values

HAS_VIRTUAL_MEMBER

static final java.lang.String HAS_VIRTUAL_MEMBER
structural link type 'has virtual member', from a VirtualFolder to one ACSObject which belongs to this folder.

Since:
0.7.0
See Also:
Constant Field Values

TPRI

static final java.lang.String TPRI
link type 'typedPriv', associated to a Privilege between 2 base objects.

Since:
0.7.0
See Also:
Constant Field Values

NEG_TPRI

static final java.lang.String NEG_TPRI
link type 'negativeTypedPriv', associated to a negative Privilege between 2 base objects.

Since:
0.7.0
See Also:
Constant Field Values

LPRI

static final java.lang.String LPRI
link type 'linkedPriv', associated to a Privilege between 2 base objects. Used for inner-ACS and inter-ACS relations, like the ACL types.

Since:
0.7.0
See Also:
Constant Field Values

NEG_LPRI

static final java.lang.String NEG_LPRI
link type 'negativeLinkedPriv', associated to a negative Privilege between 2 base objects. Used for inner-ACS and inter-ACS relations, like the ACL types.

Since:
0.7.0
See Also:
Constant Field Values

IS_ALIAS

static final java.lang.String IS_ALIAS
structural link type 'alias' associated to an Alias link from an alias to its reference. '[]' is used for structural and pseudo-structural links when there are rights.

Since:
0.7.0
See Also:
Constant Field Values

RUN_UNDER

static final java.lang.String RUN_UNDER
structural link type 'runs under', associated to a process an Actor which starts in the context of an account, a group or a secondary group, taking the account/group rights through this context.

Since:
0.7.0
See Also:
Constant Field Values

SOFT_RUN_UNDER

static final java.lang.String SOFT_RUN_UNDER
structural link type 'soft runs under', associated to a process (an Actor, a VirtualFolder) which receives the context of an account, a group or a secondary group through an access path, taking the account/group rights through this context. This link type requires there is no RUN_UNDER type.

Since:
0.7.0
See Also:
Constant Field Values

DATA_EXCHANGE

static final java.lang.String DATA_EXCHANGE
pseudo-structural link type 'data exchange', between 2 processes which may exchange some data. An example is between a IP network socket and a running process having some network exchanges. This is a weak link since it means that is not possible to known the impact the exchanged data may have on the receiver behavior. To manage that, the ACS modelizes for each data_exchange link, the own-ACS target rights which are propagated through the link, and it uses the metaright 'get_target_rights'. '[]' is used for structural and pseudo-structural links when there are rights.

Since:
0.7.0
See Also:
Constant Field Values

LAUNCH

static final java.lang.String LAUNCH
structural link type 'launch' from a launcher to an active process. This provides an stronger equivalent to the executing right.

Since:
0.7.0
See Also:
Constant Field Values

C_SECONDARY_GROUP

static final java.lang.String C_SECONDARY_GROUP
For the GLOBAL type, this is a comment to say that is for a secondary group.

Since:
0.7.0
See Also:
Constant Field Values

C_WEAK_LINK

static final java.lang.String C_WEAK_LINK
For the GLOBAL and the CONTAIN types, this is a comment to say that the first link, for a couple of nodes, is found with some restricted data. The path for this couple has to be drawn differently in the view. This is used for instance when there is a link directly from a GroupID, then the UserID of the AG context is unknown. In this case, the Account rights, if any, delete the Group rights to comply with the ACS rule 'AGO right: A rights deletes GO rights'. If this is a GLOBAL comment while the GLOBAL type remains false, the path is drawn differently, but the 'See Why' text does not contain this property as comment.

Since:
0.7.0
See Also:
AccessControlLinkImpl.isWeak(), Constant Field Values

C_SET_USER

static final java.lang.String C_SET_USER
For the OWNER or the ALIAS type, this is a comment to say that the AG context of execution is changed for the UserID.

Since:
0.7.0
See Also:
Constant Field Values

C_SET_GROUP

static final java.lang.String C_SET_GROUP
For the CONTAIN or the ALIAS type, this is a comment to say that the AG context of execution is changed for the UserID.

Since:
0.7.0
See Also:
Constant Field Values

C_MAY_SET_USER_GROUP

static final java.lang.String C_MAY_SET_USER_GROUP
For the ALIAS type, this is a comment to say that the AG context of execution is may have been changed for the UserID and the GroupID.

Since:
0.7.0
See Also:
Constant Field Values

C_RECEIVE_ALIAS_RIGHTS

static final java.lang.String C_RECEIVE_ALIAS_RIGHTS
For the ALIAS type, this is a comment to say that the received rights of the alias are transfered to the alias reference. It is used only in the views for ACS nodes.

Since:
0.7.0
See Also:
Constant Field Values

C_CONTROL_OTHER_ACS

static final java.lang.String C_CONTROL_OTHER_ACS
For the ACL and Privilege types, this is a comment to say that an ACS controls another ACS. It is used only in the ACS views.

Since:
0.7.0
See Also:
Constant Field Values

C_INHERITED_ACL

static final java.lang.String C_INHERITED_ACL
For the ACL types, this is a comment to say that there are rights from inherited ACLs. It is used only in the views for ACS nodes.

Since:
0.7.0
See Also:
Constant Field Values

C_INHERITED_AG

static final java.lang.String C_INHERITED_AG
This is a comment to say that this is there are inherited AG rights. It is used only in the views for ACS nodes.

Since:
0.7.0
See Also:
Constant Field Values

C_INHERITED_PRI

static final java.lang.String C_INHERITED_PRI
For the Privilege types, this is a comment to say that there are rights from inherited Privileges. It is used only in the views for ACS nodes.

Since:
0.7.0
See Also:
Constant Field Values

C_FIRST_RATE

static final java.lang.String C_FIRST_RATE
For the Global type, this is a comment to say that this is the link to display with a double with. It is used only in the views for ACS nodes.

Since:
0.7.0
See Also:
Constant Field Values

C_COPIED_FROM_LINK

static final java.lang.String C_COPIED_FROM_LINK
For the Global type, this is a comment to say that the link has negative rights which are copied from another DisplayableLinkImpl(s). It is used only in the views for ACS nodes.

Since:
0.7.0
See Also:
Constant Field Values

C_CONDITIONAL_ACL

static final java.lang.String C_CONDITIONAL_ACL
For the ACL types, this is a comment to say that there is at least one conditional ACL. It is used only in the views for ACS nodes.

Since:
0.7.0
See Also:
Constant Field Values