Oracle iPlanet Web Proxy Server 4.0.14 Administration Guide

Writing Authorization Statements

Use the following syntax when writing authorization statements:

allow|deny [absolute] (right[,right...]) attribute expression;

Start each line with either allow or deny. Because of the hierarchy of rules, deny access to everyone in the first rule and then specifically allow access for users, groups, or computers in subsequent rules. For example, if you allow anyone access to a directory called /my_files, and allow a few users access to the subdirectory /my_files/personal, the access control on the subdirectory will not work because anyone allowed access to the /my_files directory will also be allowed access to the /my_files/personal directory. To prevent this, create a rule for the subdirectory that first denies access to anyone, and then allows access for the few users who need it.

In some cases, however, if you set the default ACL to deny access to everyone, your other ACL rules do not need a “deny all” rule.

The following line denies access to everyone:

deny (all) user = "anyone";
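The following is an added example, not part of the Oracle guide or the product: a small Python check that parses statements written in the syntax shown above and reports whether a rule set opens with the deny-everyone line. The function names, the sample rule sets and the user "alice" are constructed for illustration, and the attribute expression is treated as opaque text.

```python
import re

# Grammar from the page: allow|deny [absolute] (right[,right...]) attribute expression;
STATEMENT = re.compile(
    r'^(?P<action>allow|deny)\s+'
    r'(?P<absolute>absolute\b\s*)?'
    r'\(\s*(?P<rights>\w+(?:\s*,\s*\w+)*)\s*\)\s*'
    r'(?P<expr>\S.*)$'
)

def parse_statements(text):
    """Parse ';'-terminated authorization statements into dicts (hypothetical helper)."""
    rules = []
    for raw in text.split(';'):
        stmt = ' '.join(raw.split())  # collapse line breaks and runs of spaces
        if not stmt:
            continue
        m = STATEMENT.match(stmt)
        if m is None:
            raise ValueError(f"not an authorization statement: {stmt!r}")
        rules.append({
            "action": m["action"],
            "absolute": m["absolute"] is not None,
            "rights": [r.strip() for r in m["rights"].split(',')],
            "expr": m["expr"],  # attribute expression, kept as opaque text
        })
    return rules

def starts_with_deny_all(rules):
    """True only if the first statement is: deny (all) user = "anyone";"""
    if not rules:
        return False
    first = rules[0]
    return (first["action"] == "deny"
            and first["rights"] == ["all"]
            and re.fullmatch(r'user\s*=\s*"anyone"', first["expr"]) is not None)

# Constructed rule sets for the /my_files/personal case; "alice" is a made-up user.
HARDENED = '''
deny (all) user = "anyone";
allow (all) user = "alice";
'''
INHERITS = 'allow (all) user = "alice";'

if __name__ == "__main__":
    for name, body in (("HARDENED", HARDENED), ("INHERITS", INHERITS)):
        ok = starts_with_deny_all(parse_statements(body))
        print(f"{name}: {'ok' if ok else 'missing leading deny-all'}")
```

A rule set flagged as missing the leading deny-all is not necessarily open: as noted above, a default ACL that already denies everyone makes the extra line unnecessary.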