OMA-TS-DM_TND-V1_2_1-20080617-A(17)

In the event that this process removes the only Server Identifier for a command in the root ACL, the ACL for that command MUST become "*" or a suitable factory default. This is in order to comply with the restriction on the root ACL specified in Section 7.7.1.2 in this document.

7.7.1.5 ACL syntax

The ACL structure is a list of Server Identifiers where each identifier is associated with a list of OMA DM command names [DMPRO]. The right to perform a command is granted if an identifier is associated with the name of the command that is to be performed.

The Server Identifier can also have a wildcard value assigned to it. This means that any Server Identifier used to access the Node and/or its properties is granted access.

ACL are carried over OMA DM as a string. The string MUST be formatted according to the following simple grammar.

<acl> ::= <acl-value> | ”No value”

<acl-value> ::= <acl-entry> | <acl-value> & <acl-entry> <acl-entry> ::= <command> = <server-identifiers> <server-identifiers> ::= <server-identifier> | <server-identifier> + <server-identifiers>

<server-identifier> ::= * | “All printable characters except ‘=’, ‘&’, ‘*’, ‘+’ or white-space characters.” <command> ::= Add | Delete | Exec | Get | Replace

For uniqueness, it is RECOMMENDED that the Server Identifier contain the domain name of the server. For efficiency

reasons it is also RECOMMENDED that it is kept as short as possible. The wildcard value for a Server Identifier is character ‘*’. If a <server-identifier> has the value ‘*’, then there SHOULD NOT be any other <server-identifier>values associated with this command in the current ACL. If an ACL entry contains both a wild card, ‘*’, and a <server-identifier>, the access right granted by the <server-identifier> is overridden by the wild card. Example ACL value:

Add=www.sonera.fi-8765&Delete=www.sonera.fi-8765&Replace=www.sonera.fi-8765+321_&Get=*

There is no ACL representation for the Copy command. Copy exists as a command on its own mainly for efficiency reasons. Any result of a Copy command can always be created by a sequence of other commands. To successfully execute a Copy, a server needs to have the correct access rights for the equivalent Add, Delete, Get, and Replace commands.