Exactly what is an access control rule?
An access control rule tells DACS whether a web service request should be granted or denied. Essentially, it is a description of an authorization policy. DACS searches the set of rules that you have provided and finds the rule that most closely matches a request. Expressions within that rule are then evaluated to determine the access control decision. These expressions can test arguments to a web service, examine exactly who is making the request, take into account the overall context of the request, or call external programs. Here are just a few examples of policies that can be specified: • Access should be denied if a certain argument is present or has a particular value • Access should be granted only if the request is coming from a particular IP address range • Access should be granted only if a certain file exists on the web server • Access should be denied outside of business hours • Access should be granted only if a specified program can be run and returns a particular result T
Related Questions
- Do the HIPAA Security Rule requirements for access control, such as automatic logoff, apply to employees who telecommute or have home-based offices if the employee accesses electronic PHI?
- Who is required to complete Rule 316 Dust Control Training?
- How do I create a Novell BorderManager Access Control Rule?
