Creating an ACL File

A decription of how to create ACL files for use with Sybase CEP Engine. This section introduces access control ACL files.

This section discusses how to create access control ACL files for use with Sybase CEP Engine and how these files are used by Sybase CEP Engine. For tips on designing policies, see the Designing Sybase CEP Access Control Policies article available on the Sybase website.

The ACL file is composed of a single policy set, which contains one or more policies, each of which contains one or more rules. Every policy set must begin with a System Rule that enables shared secret use on the Manager and Container processes of your Sybase CEP Server or Sybase CEP Server cluster. The System Rule looks like this:

<PolicySet xmlns='
http://www.sybase.com/access_control/">
<Policy PolicyId="FirstPolicy">
   <Rule Effect="Permit" RuleID="SystemRule">
      <Target>
         <Subjects>
            <SharedSecret/>
         </Subjects>
         <Actions>
            <AnyAction/>
         </Actions>
         <Resources>
            <AnyResource/>
         </Resources>
      </Target>
   </Rule>
   ...   
</Policy>
... 
</PolicySet>

After this initial rule, you can create other rules inside the same policy, and other policies, as required. For an explanation of policy set, policy and rule components and syntax, see "ACL File Components" .

ACL File Components
Diagrams providing details on the syntax and usage of ACL file components.
ACL Policy Set Implementation
When access control is enabled, Sybase CEP Engine checks incoming requests for actions on resources against the rules contained in a policy. This section describes the general rules that apply to all policy sets.

Parent topic: Configuring Access Restrictions to Sybase CEP Engine