This file contains invisible Unicode characters that may be processed differently from what appears below. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to reveal hidden characters.
===================
Access Control List
===================
..sidebar:: Access Control List
..image:: images/acl-finger-print.jpg
--------
Overview
--------
The current ACL system is targeted at delivering backwards compatibility
for legacy code and being able to extend this a little to add new
features without having to reimplement the whole system.
In the legacy system the access control is using the following steps to
determine if a page can be accessed by a user:
#. The user, stored in the config.xml file at system/user (one item per
user)
#. One or more groups for that user, stored in system/group which
contains priv sections.
#. A PHP file binding the priv section content to a page mask (including
wildcards)
Our temporary solution is to keep the user and the group in place and replace the
PHP file with a simple config in the model which uses the same mask construction
there was in the old codebase. To bind priv to pages, edit models/OPNsense/Core/ACL\_Legacy\_Page\_Map.txt