Previous Topic: Masking Resource Rule KeysNext Topic: Sample Resource Rule Set

About Resource RulesHow CA ACF2 for VM Sorts Rules

How CA ACF2 for VM Sorts Rules

The rule compiler converts the rule set input into a form that the rule interpreter can use during verification. The compiler also orders the rules according to the following criteria:

  1. UID patterns, from most specific to most general
  2. SOURCE parameters in alphabetical order, with “none specified” last
  3. SHIFT parameters in alphabetical order, with “none specified” last
  4. UNTIL dates, from earliest to latest.

The first active rule whose environment matches the actual access attempt determines the access permission.