Rbac class create_subject policy

Creates a new subject.

Type: rule policy.

Syntax

create_subject:{source: SourceSid, target: TargetSid, image: ImageName, type: Type, roles: Roles}

In this case:

• SourceSid – handle of the initiating subject.

  This can be blank. In this case, source_type: @any and source_role: @any must be indicated in the corresponding configuration rule.

• TargetSid – handle of the subject being created.
• ImageName – name of the image from which the new subject is being created.

  This can be blank. In this case, image : @any must be indicated in the corresponding configuration rule.

• Type – desired type of subject being created.

  This can be blank. In this case, the parameters for automatic type assignment must be indicated in the corresponding configuration rule.

• Roles – desired roles of the subject being created.

  This can be blank. In this case, the parameters for automatic role assignment must be indicated in the corresponding configuration rule.

Returned value

KSS_GRANT if the subject was created.

KSS_DENY if the subject was not created.

Example

execute dst=SimpleServer {

rbac0.create_subject

{ source: ()

, target: src_sid

, image: ()

, type: "actors"

, roles: ["admin"]

}

}

Page top