3.2.1.1 Policy Setting State
The persistent state configured by the CSE of this protocol is specified herein. The location for storing this state is implementation-specific.
Note: The abstract interface notation (Public) for an ADM element indicates that the data element can be directly accessed from outside this protocol.
CentralAccessPolicyDNList: A persistent list of string-valued data elements. The string value of each element is the LDAP distinguished name of an existing CAP object.
CentralAccessPoliciesList (Public): A persistent list of CentralAccessPolicy objects.
CentralAccessPolicy: A structure data type that contains the following fields.
| Field name | Description |
|---|---|
| CAPID | A security identifier (SID), as specified in [MS-DTYP] section 2.4.2, that identifies the CentralAccessPolicy object. |
| CentralAccessPolicyDN | The LDAP distinguished name of the CentralAccessPolicy object. |
| CentralAccessPolicyRulesList | A list of CentralAccessPolicyRule objects. |
CentralAccessPolicyRule: A structure data type that contains the following fields.
| Field name | Description |
|---|---|
| EffectiveCentralAccessPolicy | A data element of type CentralAccessPolicyCondition containing the effective access policy for the CentralAccessPolicyRule. The schema class for a CentralAccessPolicyRule is defined in [MS-ADSC] section 2.98. |
| StagedCentralAccessPolicy | A data element of type CentralAccessPolicyCondition containing the staged access policy for the CentralAccessPolicyRule. The schema class for a CentralAccessPolicyRule is defined in [MS-ADSC] section 2.98. |
CentralAccessPolicyCondition: A structure data type that contains the following fields.
| Field name | Description |
|---|---|
| AppliesToPredicate | An ACCESS_ALLOWED_CALLBACK_ACE value ([MS-DTYP] section 2.4.4.6) that contains the condition that defines the scope of the resources to which the CentralAccessPolicyEntry data element applies. |
| AccessCondition | A security descriptor value ([MS-DTYP] section 2.4.6) that contains the access condition for the CentralAccessPolicyEntry data element. |
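As an added illustration (not code from the specification), the following Python sketch models the three structures above, decodes the binary CAPID SID, and reports DN list entries with no matching policy object and rules whose staged and effective conditions differ. The names `sid_to_string` and `audit_state`, the finding labels, the case-insensitive DN match, and the assumption that each CentralAccessPolicyDNList entry should have a matching CentralAccessPolicy object are hypothetical choices for this example; the sample values are constructed.

```python
import struct
from dataclasses import dataclass

def sid_to_string(raw: bytes) -> str:
    """Decode a binary SID ([MS-DTYP] 2.4.2) into its S-1-... string form."""
    if len(raw) < 8 or raw[0] != 1 or raw[1] > 15 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")     # 6-byte big-endian authority
    subs = struct.unpack(f"<{raw[1]}I", raw[8:])    # 32-bit little-endian values
    auth = str(authority) if authority < 2**32 else f"0x{authority:012X}"
    return "-".join(["S-1", auth, *map(str, subs)])

@dataclass
class CentralAccessPolicyCondition:
    AppliesToPredicate: bytes   # ACCESS_ALLOWED_CALLBACK_ACE, kept opaque here
    AccessCondition: bytes      # security descriptor, kept opaque here
@dataclass
class CentralAccessPolicyRule:
    EffectiveCentralAccessPolicy: CentralAccessPolicyCondition
    StagedCentralAccessPolicy: CentralAccessPolicyCondition
@dataclass
class CentralAccessPolicy:
    CAPID: bytes
    CentralAccessPolicyDN: str
    CentralAccessPolicyRulesList: list

def audit_state(dn_list, policies):
    """Hypothetical checker: returns (finding, detail) tuples for review."""
    known = {p.CentralAccessPolicyDN.lower() for p in policies}  # simplified DN match
    findings = [("dn-without-policy", dn) for dn in dn_list if dn.lower() not in known]
    for p in policies:
        try:
            sid = sid_to_string(p.CAPID)
        except ValueError as exc:
            findings.append(("invalid-capid", f"{p.CentralAccessPolicyDN}: {exc}"))
            continue
        for i, rule in enumerate(p.CentralAccessPolicyRulesList):
            if rule.StagedCentralAccessPolicy != rule.EffectiveCentralAccessPolicy:
                findings.append(("staged-differs", f"{sid} rule {i}"))
    return findings

# Constructed sample state, not taken from any real domain.
_eff = CentralAccessPolicyCondition(b"ace", b"sd-effective")
_stg = CentralAccessPolicyCondition(b"ace", b"sd-staged")
SAMPLE_SID = bytes([1, 2, 0, 0, 0, 0, 0, 17]) + struct.pack("<2I", 7, 42)
SAMPLE_POLICIES = [CentralAccessPolicy(SAMPLE_SID, "CN=Finance,CN=Example",
                                       [CentralAccessPolicyRule(_eff, _stg)])]
SAMPLE_DNS = ["cn=finance,cn=example", "CN=Orphan,CN=Example"]
```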