Setting PCD Permissions

Access to PCD content is protected by access control lists (ACLs). Each object has an ACL, either specific for that object or inherited from its parent.

An ACL is a set of access control entries (ACEs), each of which specifies a principal (user, group or role) and the permission granted to that principal.

The permission is specified by a string, and any string can be specified. Developers can define their own permissions and store them in the PCD. The PCD uses its own set of permission strings (defined in IPcdStandardPermissions) to determine user rights for PCD operations on each PCD object.

Only unit objects and folders have ACLs.

Inheritance Rules

The following are inheritance rules for ACLs:

  • An object inherits permissions from its parents if it has no ACL of its own.

  • If an object has its own ACL, that ACL replaces the parent's ACL and inheritance is broken.

  • When accessing a PCD object, only the object's permissions are checked. Permissions of objects in the lookup path are not checked.
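The three rules above, modeled as an added example (not SAP code and not the PCD API), together with an audit pass that lists objects whose own ACL grants something the inherited ACL would not. The paths, principals and permission strings are constructed sample data, and the caller is assumed to pass in the user's already-resolved groups and roles.

```python
# Toy model of the PCD ACL inheritance rules described above.
# Paths, principals and permission strings are constructed sample data,
# not values from IPcdStandardPermissions or a real portal.

# path -> own ACL as {principal: set of permission strings}; None = no own ACL.
SAMPLE_TREE = {
    "portal_content": {"role:content_admin": {"example.owner"}},
    "portal_content/hr": {"group:hr_staff": {"example.read"}},
    "portal_content/hr/payroll": None,  # inherits from hr
    "portal_content/hr/payroll/report": {"group:everyone": {"example.read"}},
    "portal_content/hr/policies": None,  # inherits from hr
}


def parent_of(path):
    """Return the parent path, or None for the root object."""
    return path.rsplit("/", 1)[0] if "/" in path else None


def effective_acl(tree, path):
    """Rules 1 and 2: walk up to the nearest object that has its own ACL."""
    while path is not None:
        acl = tree.get(path)
        if acl is not None:
            return path, acl
        path = parent_of(path)
    return None, {}


def is_granted(tree, path, principals, permission):
    """Rule 3: only the object's effective ACL is checked, not the lookup path."""
    _, acl = effective_acl(tree, path)
    return any(permission in acl.get(p, set()) for p in principals)


def widened_by_own_acl(tree):
    """Audit: objects whose own ACL grants more than they would have inherited."""
    findings = []
    for path, acl in sorted(tree.items()):
        parent = parent_of(path)
        if acl is None or parent is None:
            continue
        _, inherited = effective_acl(tree, parent)
        for principal, perms in sorted(acl.items()):
            extra = perms - inherited.get(principal, set())
            if extra:
                findings.append((path, principal, sorted(extra)))
    return findings
```

In the sample tree, `group:everyone` can read `portal_content/hr/payroll/report` even though it has no permission on any folder above it, which is the case the audit function is meant to surface for review.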

This section describes the following: