This class encapsulates an access list that uses any class derived from the AbstractAuthorization class. BasicAccessList allows to combine multiple access control requirements into a single decision.
BasicAccessList uses a list of rules. The rules
are evaluated sequentially. Each rule
can specify whether matching the current rule is Sufficient
or
Required
. A connection is
authorized if a Sufficient
rule matches
the connection, or all Required
rules
are fulfilled. If a Required
rule is
not met, the connection is refused.
Rules are represented as a list of Python tuples as the following example shows:
Example 5.4. BasicAccessList example |
---|
When referenced in a service definition, the following users can access the service:
AuthPolicy('intra', authentication=ZAAAuthentication ('zas2db', key_file='fwzaa.key', cert_file='fwzaa.crt'), authorization=BasicAccessList( ((Z_BACL_SUFFICIENT, PermitUser('user1')), (Z_BACL_SUFFICIENT, PermitUser('user2')), (Z_BACL_REQUIRED, PermitGroup('development'))))) |
Published on June 04, 2020
© 2007-2019 BalaSys
Send your comments to support@balasys.hu