Partager via


2.2.2.5.10 Data Model for privacyPublicationGrammar provisionGroup

provisionGroup (name='privacyPublicationGrammar')
     |
     |-- containerManifestList
     |   |-  minSupportedClientVersion
         |-  majorVersion
         |-  minorVersion
     |   |-- containerManifest
     |   |    |-- containers
                 |-- container
                   |-  id
                   |-- visible
                      |-- avoidRedundantMembers
                      |-- blocked
              |-- members
                 |-- member
                      |-  type
                      |-  role
                      |-  uri
                      |-- allowedContainers
                          |-  type
                          |-- container
                              |-  id
                      |-- defaultContainer
                          |-  id
                      |-- occurrenceConstraint
                          |-  type
                      |-- sourceNetworks
                          |-- sourceNetwork
                              |-  type
                      |-- resolutionRules
                          |-- resolutionRule
                               |-  type
                              |-  role
           |-- blockRules
                  |-- blockRule
                      |-  type
                      |-- containers
                          |-  type
                          |-- container
                              |-  id
                      |-- sourceNetworks
                          |-- sourceNetwork
                              |-  type
                      |-- minAvailability
                      |-- maxAvailability
           |-- rolePrecedence
                  |-- rolePrecedenceEntry
                      |-  type
       
 

The following XSD schema fragment defines the requirements to which a privacyPublicationGrammar provisionGroup element XML document SHOULD<135> conform.

 <?xml version="1.0" encoding="utf-8"?>
<xs:schema xmlns="http://schemas.microsoft.com/2006/09/sip/provisiongrouplist-notification"
            targetNamespace="http://schemas.microsoft.com/2006/09/sip/provisiongrouplist-notification" elementFormDefault="qualified"
 xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:ms="urn:microsoft-cpp-xml-serializer">
  
     <xs:complexType name="ProvisionGroupType">
         <xs:all>
             <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded">
                 <xs:annotation>
                     <xs:appinfo>
                     </xs:appinfo>
                 </xs:annotation>
             </xs:any>
         </xs:all>
         <xs:attribute name="name" fixed="privacyPublicationGrammar" use="required"/>
         <xs:anyAttribute namespace="##other" processContents="lax"/>
     </xs:complexType>
     <xs:element name="provisionGroup" type="ProvisionGroupType" />
 </xs:schema>
  

The privacyPublicationGrammar provisionGroup element contains the containerManifestList XML document, as shown in the example in section 4.2.2.

The following XSD schema fragment defines the requirements to which the containerManifestList XML document SHOULD<136> conform.

 <?xml version="1.0" encoding="utf-8"?>
 <xs:schema
   targetNamespace="http://schemas.microsoft.com/2008/09/sip/ContainerManifest"
   xmlns:tns="http://schemas.microsoft.com/2008/09/sip/ContainerManifest"
   xmlns:xs="http://www.w3.org/2001/XMLSchema"
   xmlns:ct="http://schemas.microsoft.com/2006/09/sip/commontypes"
   attributeFormDefault="unqualified"
   elementFormDefault="qualified">
  
   <!--
   Client should not proceed with the parsing if its namespace doesn't 
   match to the namespace of the xml.
   Change in namespace is an indication that format is not compatible.
   -->
   
   <xs:import namespace="http://schemas.microsoft.com/2006/09/sip/commontypes"
              schemaLocation="commontypes.xsd"/>
  
   <xs:simpleType name="sourceNetworkTypeEnum">
     <xs:restriction base="xs:token">
       <xs:enumeration value="sameEnterprise"/>
       <xs:enumeration value="federated"/>
       <xs:enumeration value="publicCloud"/>
     </xs:restriction>
   </xs:simpleType>
  
   <xs:simpleType name="sourceNetworkTypeEnumEx">
     <xs:union memberTypes="tns:sourceNetworkTypeEnum xs:token" />
   </xs:simpleType>
  
   <xs:complexType name="sourceNetworkType">
     <xs:sequence>
       <xs:sequence minOccurs="0" maxOccurs="1">
         <xs:sequence minOccurs="0" maxOccurs="unbounded">
           <xs:element ref="ct:delimiter"/>
           <xs:any namespace="##targetNamespace" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
         </xs:sequence>
         <xs:element ref="ct:end"/>
       </xs:sequence>
       <xs:element ref="ct:extension" minOccurs="0" maxOccurs="1"/>
     </xs:sequence>
     <xs:attribute name="type" type="tns:sourceNetworkTypeEnumEx" use="required" />
     <xs:anyAttribute processContents="lax"/>
   </xs:complexType>
  
   <xs:complexType name="sourceNetworksType">
     <xs:sequence>
       <xs:element name="sourceNetwork" type="tns:sourceNetworkType" minOccurs="1" maxOccurs="unbounded"/>
     </xs:sequence>
   </xs:complexType>
  
   <!--
   Container attributes.
   UI will show all visible containers in the access level management view.
   -->
   <xs:complexType name="containerType">
     <xs:sequence>
       <xs:element name="visible" type="xs:boolean" minOccurs="0" maxOccurs="1"/>
       <xs:element name="avoidRedundantMembers" type="xs:boolean" minOccurs="0" maxOccurs="1"/>
       <xs:element name="blocked" type="xs:boolean" default="false" minOccurs="0" maxOccurs="1"/>
  
       <xs:sequence minOccurs="0" maxOccurs="1">
         <xs:sequence minOccurs="0" maxOccurs="unbounded">
           <xs:element ref="ct:delimiter"/>
           <xs:any namespace="##targetNamespace" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
         </xs:sequence>
         <xs:element ref="ct:end"/>
       </xs:sequence>
       <xs:element ref="ct:extension" minOccurs="0" maxOccurs="1"/>
  
     </xs:sequence>
     <xs:attribute name="id" type="xs:unsignedInt" />
     <xs:anyAttribute processContents="lax"/>
   </xs:complexType>
  
   <xs:complexType name="containerIdType">
     <xs:sequence>
  
       <xs:sequence minOccurs="0" maxOccurs="1">
         <xs:sequence minOccurs="0" maxOccurs="unbounded">
           <xs:element ref="ct:delimiter"/>
           <xs:any namespace="##targetNamespace" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
         </xs:sequence>
         <xs:element ref="ct:end"/>
       </xs:sequence>
       <xs:element ref="ct:extension" minOccurs="0" maxOccurs="1"/>
  
     </xs:sequence>
     <xs:attribute name="id" type="xs:unsignedInt" />
     <xs:anyAttribute processContents="lax"/>
   </xs:complexType>
   
   <xs:complexType name="containersType">
     <xs:sequence>
       <xs:element name="container" type="tns:containerType" minOccurs="1" maxOccurs="unbounded"/>
       
       <xs:sequence minOccurs="0" maxOccurs="1">
         <xs:sequence minOccurs="0" maxOccurs="unbounded">
           <xs:element ref="ct:delimiter"/>
           <xs:any namespace="##targetNamespace" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
         </xs:sequence>
         <xs:element ref="ct:end"/>
       </xs:sequence>
       <xs:element ref="ct:extension" minOccurs="0" maxOccurs="1"/>
     </xs:sequence>
     <xs:anyAttribute processContents="lax"/>
   </xs:complexType>
  
   <xs:simpleType name="allowedContainersTypeEnum">
     <xs:restriction base="xs:token">
       <xs:enumeration value="visibleContainers"/>
       <xs:enumeration value="custom"/>
     </xs:restriction>
   </xs:simpleType>
  
   <xs:simpleType name="allowedContainersTypeEnumEx">
     <xs:union memberTypes="tns:allowedContainersTypeEnum xs:token" />
   </xs:simpleType>
  
   <xs:complexType name="allowedContainersType">
     <xs:sequence>
       <xs:element name="container" type="tns:containerIdType" minOccurs="0" maxOccurs="unbounded"/>
     </xs:sequence>
     <xs:attribute name="type" type="tns:allowedContainersTypeEnumEx"/>
     <xs:anyAttribute processContents="lax"/>
   </xs:complexType>
  
   <xs:simpleType name="occurrenceTypeEnum">
     <xs:restriction base="xs:token">
       <xs:enumeration value="zero"/>
       <xs:enumeration value="one"/>
       <xs:enumeration value="zeroOrOne"/>
     </xs:restriction>
   </xs:simpleType>
  
   <xs:simpleType name="occurrenceTypeEnumEx">
     <xs:union memberTypes="tns:occurrenceTypeEnum xs:token" />
   </xs:simpleType>
  
   <xs:complexType name="occurrenceConstraintType">
     <xs:sequence>
       <xs:sequence minOccurs="0" maxOccurs="1">
         <xs:sequence minOccurs="0" maxOccurs="unbounded">
           <xs:element ref="ct:delimiter"/>
           <xs:any namespace="##targetNamespace" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
         </xs:sequence>
         <xs:element ref="ct:end"/>
       </xs:sequence>
       <xs:element ref="ct:extension" minOccurs="0" maxOccurs="1"/>
  
     </xs:sequence>
     <xs:attribute name="type" type="tns:occurrenceTypeEnumEx" use="optional" />
     <xs:anyAttribute processContents="lax"/>
   </xs:complexType>
  
   <xs:simpleType name="roleTypeEnum">
     <xs:restriction base="xs:token">
       <xs:enumeration value="delegate"/>
       <xs:enumeration value="buddy"/>
     </xs:restriction>
   </xs:simpleType>
  
   <xs:simpleType name="roleTypeEnumEx">
     <xs:union memberTypes="tns:roleTypeEnum xs:token" />
   </xs:simpleType>
  
   <!-- 
   Order of precedence for which role applies if 
   entity maps to multiple (for example, buddy and delegate)
   -->
   <xs:complexType name="rolePrecedenceEntryType">
     <xs:sequence>
       <xs:sequence minOccurs="0" maxOccurs="1">
         <xs:element ref="ct:delimiter"/>
         <xs:sequence minOccurs="0" maxOccurs="unbounded">
           <xs:element ref="ct:delimiter"/>
           <xs:any namespace="##targetNamespace" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
         </xs:sequence>
         <xs:element ref="ct:end"/>
       </xs:sequence>
       <xs:element ref="ct:extension" minOccurs="0" maxOccurs="1"/>
     </xs:sequence>
  
     <xs:attribute name="type" type="tns:roleTypeEnumEx" use="required"/>
     <xs:anyAttribute processContents="lax"/>
   </xs:complexType>
  
   <xs:complexType name="rolePrecedenceType">
     <xs:sequence>
       <xs:element name="rolePrecedenceEntry" type="tns:rolePrecedenceEntryType" minOccurs="1" maxOccurs="unbounded"/>
     </xs:sequence>
   </xs:complexType>
  
   <!-- 
   Defines resolution action to be (implictly) taken if 
   memberType constraints have been violated
   -->
   <xs:simpleType name="resolutionTypeEnum">
     <xs:restriction base="xs:token">
       <xs:enumeration value="removeFromContainer"/>
       <xs:enumeration value="moveToDefaultContainer"/>
       <xs:enumeration value="forceRole"/>
     </xs:restriction>
   </xs:simpleType>
  
   <xs:simpleType name="resolutionTypeEnumEx">
     <xs:union memberTypes="tns:resolutionTypeEnum xs:token" />
   </xs:simpleType>
  
   <xs:complexType name="resolutionRuleType">
     <xs:sequence>
       <xs:sequence minOccurs="0" maxOccurs="1">
         <xs:element ref="ct:delimiter"/>
         <xs:sequence minOccurs="0" maxOccurs="unbounded">
           <xs:element ref="ct:delimiter"/>
           <xs:any namespace="##targetNamespace" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
         </xs:sequence>
         <xs:element ref="ct:end"/>
       </xs:sequence>
       <xs:element ref="ct:extension" minOccurs="0" maxOccurs="1"/>
     </xs:sequence>
     
     <xs:attribute name="type" type="tns:resolutionTypeEnumEx" use="required"/>
     <xs:attribute name="role" type="tns:roleTypeEnumEx" use="optional"/>
     <xs:anyAttribute processContents="lax"/>
   </xs:complexType>
  
   <xs:complexType name="resolutionRulesType">
     <xs:sequence>
       <xs:element name="resolutionRule" type="tns:resolutionRuleType" minOccurs="1" maxOccurs="unbounded"/>
     </xs:sequence>
   </xs:complexType>
  
   <xs:simpleType name="memberTypeEnum">
     <xs:restriction base="xs:token">
       <xs:enumeration value="user"/>
       <xs:enumeration value="domain"/>
       <xs:enumeration value="sameEnterprise"/>
       <xs:enumeration value="federated"/>
       <xs:enumeration value="publicCloud"/>
       <xs:enumeration value="everyone"/>
       <xs:enumeration value="singleIdentityUser"/>
     </xs:restriction>
   </xs:simpleType>
  
   <xs:simpleType name="memberTypeEnumEx">
     <xs:union memberTypes="tns:memberTypeEnum xs:token" />
   </xs:simpleType>
  
   <xs:complexType name="memberType">
     <xs:sequence>
  
       <!-- 
       Allowed containers for the member.
       -->
       <xs:element name="allowedContainers" type="tns:allowedContainersType" 
                   minOccurs="1" maxOccurs="1"/>
  
       <!--
       Default container for the member.
       -->
       <xs:element name="defaultContainer" type="tns:containerIdType" 
                   minOccurs="0" maxOccurs="1"/>
  
       <!--
       Occurrence constraint on the member. There can be only one such constraint.
       Constraint check will be applied on all visible containers.
       If constraint fails, member will be deleted from all containers and placed in 
       the default container.
       -->
       <xs:element name="occurrenceConstraint" type="tns:occurrenceConstraintType" 
                   minOccurs="0" maxOccurs="1"/>
  
       <xs:sequence minOccurs="0" maxOccurs="1">
         <!-- W14 extension -->
         <xs:element ref="ct:delimiter"/>
         <xs:element name="sourceNetworks" type="tns:sourceNetworksType" minOccurs="0" maxOccurs="1"/>
         <xs:element name="resolutionRules" type="tns:resolutionRulesType" minOccurs="0" maxOccurs="1"/>
  
         <xs:sequence minOccurs="0" maxOccurs="unbounded">
           <xs:element ref="ct:delimiter"/>
           <xs:any namespace="##targetNamespace" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
         </xs:sequence>
         <xs:element ref="ct:end"/>
       </xs:sequence>
       <xs:element ref="ct:extension" minOccurs="0" maxOccurs="1"/>
  
     </xs:sequence>
     <xs:attribute name="type" type="tns:memberTypeEnumEx" use="optional" />
     
     <!--
     If role is present, client should identify all the members of that role and
     enforce occurrence constraint on those members.
     -->
     <xs:attribute name="role" type="tns:roleTypeEnumEx" use="optional" />
     
     <xs:attribute name="uri" type="xs:anyURI" use="optional" />
     <xs:anyAttribute processContents="lax"/>
   </xs:complexType>
  
   <xs:complexType name="membersType">
     <xs:sequence>
       <xs:element name="member" type="tns:memberType" minOccurs="1" maxOccurs="unbounded"/>
     </xs:sequence>
   </xs:complexType>
   
   <xs:simpleType name="unboundedType">
     <xs:union memberTypes="xs:unsignedInt">
       <xs:simpleType>
         <xs:restriction base="xs:token">
           <xs:enumeration value="unbounded"/>
         </xs:restriction>
       </xs:simpleType>
     </xs:union>
   </xs:simpleType>
   
   <xs:simpleType name="blockTypeEnum">
     <xs:restriction base="xs:token">
       <xs:enumeration value="invites"/>
       <xs:enumeration value="subscriberPrompt"/>
     </xs:restriction>
   </xs:simpleType>
  
   <xs:simpleType name="blockTypeEnumEx">
     <xs:union memberTypes="tns:blockTypeEnum xs:token" />
   </xs:simpleType>
  
   <!-- 
   Rule defining the blocking actions expected to be performed by clients.
   -->
   <xs:complexType name="blockRuleType">
     <xs:sequence>
  
       <!-- 
       Containers to which this rule apply.
       -->
       <xs:element name="containers" type="tns:allowedContainersType" minOccurs="0" maxOccurs="1"/>
  
       <!--
       Source networks to which this rule apply.
       -->
       <xs:element name="sourceNetworks" type="tns:sourceNetworksType" minOccurs="0" maxOccurs="1"/>
       
       <!--
       Availability range to which this rule apply.
       -->      
       <xs:element name="maxAvailability" type="tns:unboundedType" default="unbounded" minOccurs="0" maxOccurs="1"/>
       <xs:element name="minAvailability" type="tns:unboundedType" default="0" minOccurs="0" maxOccurs="1"/>
  
       <xs:sequence minOccurs="0" maxOccurs="1">
         <xs:element ref="ct:delimiter"/>
         <xs:sequence minOccurs="0" maxOccurs="unbounded">
           <xs:element ref="ct:delimiter"/>
           <xs:any namespace="##targetNamespace" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
         </xs:sequence>
         <xs:element ref="ct:end"/>
       </xs:sequence>
       <xs:element ref="ct:extension" minOccurs="0" maxOccurs="1"/>
  
     </xs:sequence>
     <xs:attribute name="type" type="tns:blockTypeEnumEx" use="required" />
     
     <xs:anyAttribute processContents="lax"/>
   </xs:complexType>
  
   <xs:complexType name="blockRulesType">
     <xs:sequence>
       <xs:element name="blockRule" type="tns:blockRuleType" minOccurs="1" maxOccurs="unbounded"/>
     </xs:sequence>
   </xs:complexType>
   
   <xs:complexType name="containerManifestType">
     <xs:sequence>
       <xs:element name="containers" type="tns:containersType" minOccurs="0" maxOccurs="1"/>
       <xs:element name="members" type="tns:membersType" minOccurs="0" maxOccurs="1"/>
  
       <xs:sequence minOccurs="0" maxOccurs="1">
         <!-- W14 extension -->
         <xs:element ref="ct:delimiter"/>
         <xs:element name="blockRules" type="tns:blockRulesType" minOccurs="0" maxOccurs="1"/>
         <xs:element name="rolePrecedence" type="tns:rolePrecedenceType" minOccurs="0" maxOccurs="1"/>
  
         <xs:sequence minOccurs="0" maxOccurs="unbounded">
           <xs:element ref="ct:delimiter"/>
           <xs:any namespace="##targetNamespace" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
         </xs:sequence>
         <xs:element ref="ct:end"/>
       </xs:sequence>
       <xs:element ref="ct:extension" minOccurs="0" maxOccurs="1"/>
  
     </xs:sequence>
     <xs:anyAttribute processContents="lax"/>
   </xs:complexType>
  
   <xs:complexType name="containerManifestListType">
     <xs:sequence>
       <xs:element name="containerManifest" type="tns:containerManifestType" minOccurs="1" maxOccurs="1"/>
  
       <xs:sequence minOccurs="0" maxOccurs="1">
         <xs:sequence minOccurs="0" maxOccurs="unbounded">
           <xs:element ref="ct:delimiter"/>
           <xs:any namespace="##targetNamespace" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
         </xs:sequence>
         <xs:element ref="ct:end"/>
       </xs:sequence>
       <xs:element ref="ct:extension" minOccurs="0" maxOccurs="1"/>
  
     </xs:sequence>
     
     <!-- 
     Client should not proceed with the parsing if its version is less than 
     the version in the xml. Version mismatch is an indication that 
     format is not compatible.
     Missing minSupportClientVersion will be treated as 0.0.0.0, that is, always compatible.
     -->
     <xs:attribute name="minSupportedClientVersion" type="xs:token" use="optional"/>
     <xs:attribute name="majorVersion" type="xs:unsignedInt" use="optional"/>
     <xs:attribute name="minorVersion" type="xs:unsignedInt" use="optional"/>
  
     <xs:anyAttribute processContents="lax"/>
   </xs:complexType>
   
   <xs:element name="containerManifestList" type="tns:containerManifestListType">
  
   </xs:element>
</xs:schema>

The following XSD schema fragment defines the schema for commontypes referred by the containerManifestList XSD schema.

 <?xml version="1.0" encoding="UTF-8"?>
 <xs:schema
   targetNamespace="http://schemas.microsoft.com/2006/09/sip/commontypes"
   xmlns:tns="http://schemas.microsoft.com/2006/09/sip/commontypes"
   xmlns:xs="http://www.w3.org/2001/XMLSchema"
   elementFormDefault="qualified"
   attributeFormDefault="unqualified"
   >
  
   <xs:element name="delimiter">
     <xs:complexType />
   </xs:element>
  
   <xs:element name="end">
     <xs:complexType />
   </xs:element>
  
   <xs:complexType name="extensionType">
     <xs:sequence>
       <xs:any processContents="lax" minOccurs="1"
              maxOccurs="unbounded" namespace="##other"/>
     </xs:sequence>
   </xs:complexType>
  
   <xs:element name="extension" type="tns:extensionType"/>
  
</xs:schema>

containerManifestList: A list of all containerManifests available.

containerManifest: A manifest that provides the list of containers and members. The UAC SHOULD create containers and its members based on the constraints defined in the manifest.

majorVersion (optional): Ignored.

minorVersion (optional): Ignored.

minSupportedClientVersion (optional): The minimum version of the UAC that can use the container manifest.

containers: The wrapper for the list of container elements.

container: Each container element describes a container.

  • id (required): This unsigned short integer uniquely identifies a container.

  • Visible (optional): Container attribute which, when "true", designates the container as a member of the set of containers identified with allowed containers type equal to "visibleContainers". The UAC also interprets this attribute as those containers that are displayed in its access level view.

  • avoidRedundantMembers (optional): This string indicates whether a container MAY have redundant membership. For example, redundancy occurs when a domain, as well as a user who is in that domain, are associated with a container. The value MUST be "true" or "false". The UAC SHOULD clean up redundant members from containers if the setting is "true".

  • blocked (optional): Ignored.

    members: The wrapper for the list of member elements.

    member: Describes a container member.

    type (optional): This string value specifies the type of the member. The following values are defined:

  • user: A SIP URI.

  • domain: A SIP domain.

  • sameEnterprise: All users from the same enterprise.

  • federated: All federated users.

  • publicCloud: All public cloud users.

  • everyone: All users.

  • singleIdentityUser: A user who has just one SIP uri for that particular identity. PIC contacts that have more than one SIP uri that belong to the identity SHOULD NOT be processed using this rule.

    role (optional): This string value specifies the role of the member. Note that container members matching to a member by role attribute take precedence over the corresponding match to member by type attribute. The following values are defined:

  • delegate: A user entity currently configured as a delegate for the local user.

  • buddy: A user entity currently a member of the local user’s buddy list.

    allowedContainers: The list of containers to which the member MAY be added.

  • type (required): A string that describes the access control element. The following values are defined:

    • custom: The list of containers is specified within the allowedContainers element.

    • visibleContainers: The list of containers for the member are the same as the subset of child elements of the containers element with the Visible element set to "true".

  • container (optional): The container to which the member MAY be added. There MAY be more than one element. The list of containers is specified when the type is "custom."

  • id (required): This unsigned short integer uniquely identifies a container.

    defaultContainer (optional): The default container to which the member MAY be added if the constraint is not satisfied for the member.

  • id (required): An unsigned integer that is the container identifier.

    occurrenceConstraint (optional): The mandatory membership occurrence rate the related type or role the member is present in.

  • type (required): A string that gives the number of occurrences mandated for the given type or role in a given container. The value MUST be "zero", "one", or "zeroOrOne".

    • When "Zero", a given container MUST have zero members of the related type or role. This value SHOULD be ignored by a UAC.

    • When "One", a given container MUST have one member of the related type or role.

    • When "zeroOrOne", a given container MAY have no members of the related type or role or it MAY have one member of a related type or role. It MUST NOT have more than one member of a related type or role.

    sourceNetworks (optional): A wrapper for the optional list of source networks to which the member belongs to satisfy the constraint.

    sourceNetwork: Describes a source network.

  • type (required): A string that describes the source network. The following values are defined:

    • sameEnterprise: All users from the same enterprise.

    • federated: All federated users.

    • publicCloud: All public cloud users.

    resolutionRules (optional): A wrapper for the optional list of resolution rules that are applied if the constraint is not satisfied for the member.

    resolutionRule: Describes a resolution rule.

  • type (required): The type attribute is a string that describes the resolution rule. The following values are defined:

    • removeFromContainer: The member is removed from the container if the constraint is not satisfied for the member.

    • moveToDefaultContainer: The member is moved to the default container if the constraint is not satisfied for the member.

    • forceRole: The member is forced into the role specified by the role element.

  • role (optional): A string that describes the role the member is forced into when the constraint is not satisfied for the member. This attribute is set when the type attribute has the value "forceRole". Possible values for the role attribute are "delegate" and "buddy".

    blockRules (optional): The wrapper for the list of blockRule elements.

    blockRule: Describes a blockRule element.

  • type (required): The type attribute is a string that describes the actions that are blocked. The following values are defined:

    • invites: Invites are blocked when the rule matches.

    • subscriberPrompt: Subscriber prompts are blocked when the rule matches.

  • containers (optional): The actions from the members of specified containers are blocked.

  • sourceNetworks (optional): The actions from the members of specified source networks are blocked.

  • maxAvailability (optional): Defines the upper bound of the availability range of the publisher for which this rule applies.

  • minAvailability (optional): Defines the lower bound of the availability range of the publisher for which this rule applies.

    rolePrecedence (optional): The wrapper for the list of rolePrecedenceEntry elements that defines the order of precedence for roles when a member maps to multiple roles.

    rolePrecedenceEntry: Describes a role.

  • type (required): A string that specifies a role. The possible values are "delegate" and "buddy".

For a detailed example, see section 4.2.2.