5.1.9. Class BasicAccessList

This class encapsulates an access list that uses any class derived from the AbstractAuthorization class. BasicAccessList makes it possible to combine multiple access control requirements into a single decision.

BasicAccessList uses a list of rules. The rules are evaluated sequentially. Each rule can specify whether matching the current rule is Sufficient or Required. A connection is authorized if a Sufficient rule matches the connection, or all Required rules are fulfilled. If a Required rule is not met, the connection is refused.

Rules are represented as a list of Python tuples, as the following example shows:

Example 5.4. BasicAccessList example

When referenced in a service definition, the following users can access the service:

  • members of the development group;

  • anyone with the user1 username;

  • anyone with the user2 username.

AuthPolicy('intra',
      authentication=ZAAAuthentication(
            'zas2db', key_file='fwzaa.key', cert_file='fwzaa.crt'),
      authorization=BasicAccessList(
            # Sufficient: matching either username authorizes the connection.
            ((Z_BACL_SUFFICIENT, PermitUser('user1')),
             (Z_BACL_SUFFICIENT, PermitUser('user2')),
             # Required: any other user must be a member of the development group.
             (Z_BACL_REQUIRED, PermitGroup('development')))))
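
The sequential evaluation described above, as an added model that is not Zorp's own code: it runs the rule list from Example 5.4 and a reordered copy to show that rule order changes the decision. The names evaluate, permit_user, permit_group and the sample connections are hypothetical, and the model assumes evaluation stops at the first decisive rule.

```python
# Added model of the evaluation order described above; not Zorp's implementation.
SUFFICIENT, REQUIRED = "sufficient", "required"  # stand-ins for Z_BACL_SUFFICIENT / Z_BACL_REQUIRED

def permit_user(name):
    """Hypothetical stand-in for PermitUser: matches one username."""
    return lambda conn: conn["user"] == name

def permit_group(group):
    """Hypothetical stand-in for PermitGroup: matches group membership."""
    return lambda conn: group in conn["groups"]

def evaluate(rules, conn):
    """Walk the rules in order and return (authorized, reason)."""
    saw_required = False
    for index, (kind, matches) in enumerate(rules):
        ok = matches(conn)
        if kind == SUFFICIENT and ok:
            return True, f"rule {index}: sufficient rule matched"
        if kind == REQUIRED:
            if not ok:
                return False, f"rule {index}: required rule not met"
            saw_required = True
    if saw_required:
        return True, "all required rules fulfilled"
    # Assumption: the page does not cover a list where no Sufficient rule
    # matches and no Required rule exists; this model fails closed.
    return False, "no rule authorized the connection"

# The rule list from Example 5.4.
EXAMPLE_RULES = [
    (SUFFICIENT, permit_user("user1")),
    (SUFFICIENT, permit_user("user2")),
    (REQUIRED, permit_group("development")),
]

# Same rules with the Required rule first: user1 is now refused before
# the Sufficient rule for user1 is ever reached.
REORDERED_RULES = [EXAMPLE_RULES[2], EXAMPLE_RULES[0], EXAMPLE_RULES[1]]

# Constructed sample connections.
USER1 = {"user": "user1", "groups": ["sales"]}
DEV = {"user": "carol", "groups": ["development"]}
OTHER = {"user": "mallory", "groups": ["sales"]}

if __name__ == "__main__":
    for label, rules in (("example", EXAMPLE_RULES), ("reordered", REORDERED_RULES)):
        for conn in (USER1, DEV, OTHER):
            print(label, conn["user"], evaluate(rules, conn))
```

When reviewing a real rule list, check that no Required rule placed ahead of the Sufficient rules unintentionally locks out the users those Sufficient rules were meant to admit.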