Flow security model allow rule

allow {sid : <Sid>, states : <Set<State>>}

It verifies that the state of the finite-state machine associated with the sid is in the set of defined states.

It returns the "granted" result if the state of the finite-state machine associated with the sid resource is in the set of defined states.

It returns the "denied" result in the following cases:

• The state of the finite-state machine associated with the sid resource is not in the set of defined states.
• The sid resource is not associated with a finite-state machine of the Flow security model object being used.
• The sid value is outside of the permissible range.

Example:

/* Any client in the solution is allowed to query a server

* of the Server class if the finite-state machine associated with this server

* is in the started or stopped state. Otherwise any client

* in the solution will be prohibited from querying a server of the Server class. */

request dst=Server {

service_flow.allow {sid : dst_sid, states : ["started", "stopped"]}

}

Page top