...
| Code Block |
|---|
|
# as strings
<><#authz> acl:agent "obiwan", "yoda" .
# as URI references
<><#authz> acl:agent ex:obiwan, ex:yoda . |
...
However, listing individual users this way can get unwieldy, so you can also use the acl:agentGroup property to specify a group of users:
| Code Block |
|---|
|
<><#authz> acl:agentGroup </groups/jedi> . |
...
The next part of the authorization describes what resource can be accessed. As with the previous section on agents, there are also two ways to describe the resource. The first is to provide the URI to the resource using the acl:accessTo property:
| Code Block |
|---|
|
<><#authz> acl:accessTo </collections/rebels/plans> . |
...
| Code Block |
|---|
| language | text |
|---|
| title | Inheritable authorization using acl:default |
|---|
|
<><#authz> acl:accessTo </collections/rebels> ;
acl:default </collections/rebels> . |
The second is to use the acl:accessToClass property to state that the authorization rule applies to any resource with the named RDF type. For example, this authorization will apply to any pcdm:Container resources contained by /collections/rebels that do not have their own ACL:
| Code Block |
|---|
|
<><#authz> acl:accessToClass pcdm:Container ;
acl:default </collections/rebels> |
...