Checks whether the subject has the specified permissions based on the permissions matrix (allows).
The list of permissions is passed in the policy configuration. The types of the subject and object are determined based on their SIDs, and the list of the subject's permissions for the specified object is checked. An entity can be the subject of a certain action, and another entity or resource can be the object.
Type: call policy
Syntax
validate (in SID subject, in SID object)
Parameters
|
SID of the subject of the action. |
|
SID of the object of the action. |
Policy configuration
<configuration> ::= "[" {<permission>} "]"
Configuration elements
|
Permission that the subject must have when interacting with the specified object. |
Returned value
KSS_GRANT if the subject has all the permissions from the list, otherwise KSS_DENY.
Interaction will be denied in the following cases: