User Tools

Site Tools


access_control

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
Last revision Both sides next revision
access_control [2016/03/22 10:09]
g00r00 created
access_control [2016/03/22 13:41]
g00r00 [Access Control Strings]
Line 1: Line 1:
 ====== Access Control Strings ====== ====== Access Control Strings ======
 +
 +Access Control Strings (or ACS) are found all over Mystic BBS and are used to control the who, what, and when of security access to various parts of your BBS.  Every menu, menu command, any many other functions in the BBS have an associated ACS definition which the SysOp can use to create and apply find-grained access control to all elements of the BBS.
 +
 +The ACS system is designed to allow for the most intricate security controls without requiring programming, and is comprised of a series of "functions" that either result in being True or False.  At the end, if all functions in an ACS are True, that means the user has access.
 +
 +Each ACS function is nothing more than a single character, most often followed by a parameter afterwards that supplements the function.  The most basic example of this would probably be an ACS of "s20" An ACS of "s20" uses the function "S" which means security level, followed by 20, which defines is parameter.  The result of this ACS is that the user must have a security level of 20 or higher to have access.
 +
 +In addition to this basic function and parameter system, ACS can use parenthesis to force an order of evaluation, and also offers the typical Boolean operators AND OR NOT.  Let's look at one example of a more complex ACS before we move on:
 +
 +     (s20!s21|s255)|u10|(h22!h23)
 +
 +The above ACS says that the user must have ANY one of the following things to have access:
 +
 +<code>
 +     User must have a security level of at least 20 but NOT 21 or higher
 +     (exactly level 20), OR they can have a security level of 255.
 +     
 +     OR
 +     
 +     User must be user ID #10 who may be a specific person you may want
 +     to have access regardless of any other parameters
 +     
 +     OR
 +     
 +     The user must be accessing the command between 10pm and 11pm.
 +</code>
 +
 +For most System Operators just basic ACS functions will be used, so its typically not nearly as complex as the example shown above.  Generally speaking, the security level and group ACS commands are used to build the access requirements of their BBS, meaning that a typical ACS might be "s20" or "s20g1".
 +===== ACS Function Reference =====
 +
 +
 +          Ax  -  This command is used to check the user's age.  Where X is
 +                 the age the user must be in order to pass.
 +
 +          Dx  -  This command is used to check if a user has a certain flag
 +                 toggled ON in their SECOND set of flags.  Where X is the
 +                 flag which the user must have in order to pass.  For
 +                 example: DA will require the user to have user access flag
 +                 D in flag set 2 in order to pass.
 +<code>
 +          Ex  -  This command is used to check the user's current graphics
 +                 mode.  Where X is one of the following:
 +
 +                    1 - User must have ANSI graphics
 +                    0 - User must have ASCII (none) graphics
 +</code>
 +          Fx  -  This command is used to check if a user has a certain flag
 +                 toggled ON in their FIRST set of flags.  Where X is the
 +                 flag which the user must have in order to pass.  For
 +                 example: FA will require the user to have user access flag
 +                 A in flag set 1 in order to pass.
 +
 +          Gx  -  This command is used to check if a user is in a certain
 +                 message group.  Where X is the number of the group as listed
 +                 in the message group editor.  For example: G1 will require
 +                 the user to be in message group #1 in order to pass.
 +
 +          Hx  -  This command is used to check if a user is accessing
 +                 a command at a certain hour.  Where X is the hour in the
 +                 24-hour mode (ie 00 is midnight or after, 23 is 11pm or
 +                 after).  For example: H12 will prevent the user from
 +                 accessing this command before 12 noon on any given day.
 +
 +          Mx  -  This command is used to check if a user is access a
 +                 command at a certain minute.  Where X is the minute in
 +                 the 00-59 range.  For example: M15 means that it must
 +                 be quarter past the hour or later.
 +
 +          Nx  -  This command is used to check if a user is online a
 +                 certain node number.  For example: N1 will require that
 +                 the user is currently logged in on Node 1 in order to
 +                 pass.
 +
 +          OA  -  This command is used to check the status of the user's
 +                 node message availability.  If the user is able to
 +                 receive node messages, OA will return true.  False if
 +                 they are not available.
 +
 +          OI  -  This command is used to check if a user's node status
 +                 is invisible to other nodes.  It will be set TRUE if
 +                 the user is invisible, false if not.
 +
 +          OK  -  This command is used to check the result of the last
 +                 called Boolean menu command.  For more information, see
 +                 the menu commands: -P, -Y, and -N.
 +
 +          OM  -  This command is used to check if the user has System
 +                 Operator access to the current message base, or is
 +                 the owner of the current message when reading messages
 +                 in the Message bases (and therefore has Sysop-equivalent
 +                 access to just that message)
 +
 +          ON  -  This command is True if the last message new scan had
 +                 new messages read by the user.
 +
 +          OP  -  This command is used to check the status of the user's
 +                 post / call ratio.  If the user meets the currently set
 +                 ratio, then OP will be true - otherwise, if will return
 +                 false.  This option is useful to restrict users from
 +                 downloading if they're not active message posters.
 +
 +          OV  -  This command returns True if the user has validated their
 +                 e-mail address
 +
 +          OY  -  This command returns True if the last new message scan had
 +                 new personal messages from the user.
 +
 +          Sx  -  This command is used to check if a user meets a certain
 +                 security level.  For example: S20 will require the user
 +                 to have a security level of 20 or higher in order to
 +                 pass.
 +
 +          Tx  -  This command is used to check if a user has at least
 +                 X minutes remaining in online time.  For example: T10
 +                 would require the user to have a least 10 minutes of
 +                 remaining time in order to pass.
 +
 +          Ux  -  This command is used to check a user's permanent user
 +                 number, where X is the number of the permanent index the
 +                 user must match.  For example: U1 would require the user
 +                 to have the permanent user index of 1.  Each user's
 +                 permanent index is listed in the user editor, and no two
 +                 users will ever have the same permanent index number.
 +
 +          Wx  -  This command is used to check the day of the week, where X
 +                 is the day number (0 being Sunday and 6 being Saturday)
 +
 +          Zx  -  This command is used to check if a user is in a certain
 +                 File Group.  Where X is the number of the group as listed
 +                 in the File Group editor.  For example, Z1 will require
 +                 the user to be in File Group #1 in order to pass the ACS
 +                 check.
 +
 +===== Examples =====
 +
 +Any of the above commands can be used together to create an ACS string used by Mystic BBS.  Below are some examples of how they can be used:
 +
 +          s255     - User must have security of 255 or higher.
 +          s255n1fA - User must have a security level of 255 or higher, be
 +                     currently logged into Node 1, and have user flag A
 +                     toggled on, in order to pass this ACS string.
 +          s10z1h12 - User must have a security level of 10 or higher,
 +                     be currently in File Group #1, and be accessing this
 +                     function after 12:00 noon, in order to pass this
 +                     ACS string.
 +
 +For added flexibility, Mystic also supports five logical operators which can be used in ACS:
 +
 +          & = Logical AND
 +          | = Logical OR
 +          ! = Logical NOT
 +          ^ = Always TRUE
 +          % = Always FALSE
 +
 +In addition to the operators, Mystic BBS also allows parenthesis in ACS strings to allow evaluation of grouped ACS commands.  Some examples of using operators and grouping are:
 +
 +          ^               Always returns TRUE.  Grants access to ALL users.
 +          %               Always returns FALSE. Grants access to NO users,
 +                          not even the SysOp.
 +          s10!s20         User must have a security level which is at least
 +                          10 but NOT 20 or greater.
 +          t20|s255        User must have 20 minutes of time remaining, OR
 +                          have a security level of 255.
 +          !(s255|fa)      User must NOT have a security level of 255 and flag
 +                          A toggled on.
 +          (s20fa)|(s255)  User must have a security level of 20 with flag A
 +                          toggled on, *OR* have a security level of 255 or
 +                          higher.
  
access_control.txt ยท Last modified: 2017/12/30 17:00 by g00r00