MicroStrategy ONE
Add Group ACE statement
Adds a new ACE (Access Control Entry) to a user group's ACL (Access Control List).
ADD ACE FOR GROUP "ace_group_name" (USER "user_name" | GROUP "group_name") ACCESSRIGHTS
(VIEW | MODIFY | FULLCONTROL | DENIEDALL | DEFAULT | CUSTOM [GRANTgrant_accessright1 [,
... grant_accessrightN]]
[DENY deny_accessright1 [,
... deny_accessrightN]])
CHILDRENACCESSRIGHTS (VIEW | MODIFY | FULLCONTROL | DENIEDALL | DEFAULT
| CUSTOM [GRANT grant_accessright1 [,
... grant_accessrightN]]
[DENY deny_accessright1 [,
... deny_accessrightN]]);
where:
-
GROUP "ace_group_name" is the name of the group for which an ACE is to be added, of type string.
-
USER "user_name" is the login name of the user to be assigned to the new ACE, of type string.
-
GROUP "group_name" is the login name of the group to be assigned to the new ACE, of type string.
-
ACCESSRIGHTS indicates what access rights to grant or deny:
-
VIEW grants View rights: BROWSE, READ, USE, EXECUTE.
-
MODIFY grants Modify rights: BROWSE, READ,WRITE, DELETE, USE, EXECUTE.
-
FULLCONTROL grants all rights.
-
DENIEDALL explicitly denies all rights.
-
DEFAULT neither grants nor denies rights; all rights are inherited from groups.
-
CUSTOM allows you to specify which rights are granted and denied:
-
GRANT grant_accessright1..N is the access right (or list of access rights) to be granted to/from the ACE, from the following list: BROWSE, READ, WRITE, DELETE, CONTROL, USE, EXECUTE.
-
DENY deny_accessright1..N is the access right (or list of access rights) to be denied to/from the ACE, from the following list: BROWSE, READ, WRITE, DELETE, CONTROL, USE, EXECUTE.
-
CHILDRENACCESSRIGHTS indicates what access rights to grant or deny to this group's children, as for ACCESSRIGHTS.
Example
>ADD ACE FOR GROUP "Managers" USER "PChang"
ACCESSRIGHTS FULLCONTROL CHILDRENACCESSRIGHTS MODIFY;