The check-acl function specifies an access control list (ACL) to use to check whether the client is allowed to access the requested resource. An ACL contains information about who is or is not allowed to access a resource, and under what conditions access is allowed.
Regardless of the order of PathCheck directives in the object, check-acl functions are executed first. They perform user authentication if required by the specified ACL, and also update the access control state. Because the server caches the ACLs returned by the check-acl function, do not use check-acl inside a Client, If, ElseIf, or Else container.
The following table describes parameters for the check-acl function.
Table 7–16 check-acl Parameters
Parameter |
Description |
---|---|
Name of an access control list. |
|
(Optional) Wildcard pattern that specifies the path for which the ACL should be applied. |
|
bucket |
(Optional) Common to all obj.conf functions. Adds a bucket to monitor performance. For more information, see The bucket Parameter. |
PathCheck fn="check-acl" acl="*HRonly*"