2.2.9.8.5.3 RIGHT
The RIGHT element describes a right assigned to a principal. One or more RIGHT elements MUST be present. The RIGHT element MUST follow one of the two following forms.
Form 1
-
<RIGHT name="[[- rightname -]]" > <CONDITIONLIST> [[- timecondition -]] <ACCESS> <PRINCIPAL> <OBJECT> <ID type="[[- type -]]"> [[- userid -]] </ID> [[- emailaddress -]] </OBJECT> </PRINCIPAL> </ACCESS> </CONDITIONLIST> </RIGHT>
Form 2
-
<[[- rightname -]] > <CONDITIONLIST> [[- timecondition -]] <ACCESS> <PRINCIPAL> <OBJECT> <ID type="[[- type -]]"> [[- userid -]] </ID> [[- emailaddress -]] </OBJECT> </PRINCIPAL> </ACCESS> </CONDITIONLIST> </[[- rightname -]] >
[[- rightname -]]: In form 1, the name of the right MUST be an attribute on a RIGHT element and can be any arbitrary right name. In form 2, the name of the right MUST be the name of the element, and MUST be one of a set of the following reserved values:
VIEW
PRINT
EDIT
FORWARD
VIEWRIGHTSDATA
[[- timecondition -]]: MAY exist to specify a number of days for which the right can be exercised. If present, this MUST be a TIME element as specified in section 2.2.9.8.4.
[[- type -]]: MUST be the type of identity that possesses the right. Possible identity type values include the following literal strings: "Unspecified", "Windows", or "Internal".
[[- userid -]]: MAY be present if the type is "Windows". If present, MUST be the SID of the identity that possesses the right. If the type is "Internal", MUST be present and contain either "Owner" or "Anyone".
[[- emailaddress -]]: MUST be present if the type is "Unspecified", or if the type is "Windows" and [[- userid -]] is not present. MUST be a NAME element that MUST contain the primary email address associated with the identity that possesses the right.