Server Configuration > Access Control List Permissions > User and Group Permissions: Access Control Lists > ACL Syntax
 
ACL Syntax
When reviewing ACLs at the level of Integrity Lifecycle Manager source code projects, subprojects, and members, you’ll notice a distinct syntax that allows you to identify various elements. The ACL takes its name from the project and uses colon separators, for example:
mks:si
mks:si:project:id:Orion_Program
mks:si:project:id:Orion_Program:bin:Orion.exe
The following tables summarize the syntax for each category of ACL, including administrative, product-specific, and configuration management ACLs:
Administrative ACLs
Format
mks
mks
Default server level ACL providing root level administrative control over the Integrity Lifecycle Manager server. By default, the AdminServer permission is denied to the everyone group.
* 
This ACL cannot be deleted and the ACL entries cannot be removed.
mks:aa
mks:aa
Default ACL that controls login access linked to ACL management.
mks:aa:mks
mks:aa:mks
Default server level ACL. Read and update permissions in this ACL control access to other ACLs. You can also control read and update access to product-specific ACLs and to configuration management ACLs; for example, for configuration management project, C:/Orion_Program/project.pj:
mks:aa:mks:si:project:id:Orion_Program
mks:patch
mks:patch
Server level ACL providing control over installation and maintenance of client service packs. By default, Download permission allowed for everyone group.
mks:system:viewsets
mks:system:viewsets
Server level ACL providing control over publishing ViewSets.
mks:system:mksdomain
mks:system:mksdomain
Server level ACL providing administrative control over the MKS domain.
mks:system:webservices
mks:system:webservices
Server level ACL providing control over invoking Integrity Lifecycle Manager server Web services.
Product-specific ACLs
Format
mks:im
mks:im
Product-level ACL controlling access to workflow and document functionality.
mks:si
mks:si
Product-level ACL controlling access to configuration management functionality. All project and member ACLs inherit from this one.
Configuration Management ACLs
Format
project
mks:si:project:id:<project directory>
For example, for project C:/Orion_Program/project.pj:
mks:si:project:id:Orion_Program
variant project
mks:si:project:devpath:<devpath name>:id:<project directory>
For example, for variant Orion_SP2 of project C:/Orion_Program/project.pj:
mks:si:project:devpath:Orion_SP2:id:Orion_Program
subproject
mks:si:project:id:<project directory>:<subproject directory>
For example, for subproject C:/Orion_Program/bin/project.pj:
mks:si:project:id:Orion_Program:bin
variant subproject
mks:si:project:devpath:<devpath name>:id:<project directory>:<subproject directory>
For example, for variant subproject C:/Orion_SP2/bin:
mks:si:project:devpath:Orion_SP2:id:Orion_Program:bin
member
mks:si:project:id:<project directory>:<subproject directory>:<member name>
For example, for member C:/Orion_Program/bin/Orion.exe:
mks:si:project:id:Orion_Program:bin:Orion.exe
variant member
mks:si:project:devpath:<devpath name>:id:<project directory>:<subproject directory>:<member name>
For example, for member C:/Orion_Program/bin/Orion.exe of variant project Orion_SP2:
mks:si:project:devpath:Orion_SP2:id:Orion_Program:bin:Orion.exe
archive
mks:si:archive:id:<archivepath dir>:<archivename>
For example, for archive C:/Orion_Program/bin/Orion.exe:
mks:si:archive:id:Orion_Program:bin:Orion.exe