ReadonlyaccessThis attribute shall provide the minimum number of ACL Entries per fabric that are supported by this server.
Since reducing this value over time may invalidate ACL entries already written, this value shall NOT decrease across time as software updates occur that could impact this value. If this is a concern for a given implementation, it is recommended to only use the minimum value required and avoid reporting a higher value than the required minimum.
Readonlyacl: WritableFabricScopedAttribute<TypeFromFields<{ An attempt to add an Access Control Entry when no more entries are available shall result in a RESOURCE_EXHAUSTED error being reported and the ACL attribute shall NOT have the entry added to it. See access control limits.
See the AccessControlEntriesPerFabric attribute for the actual value of the number of entries per fabric supported by the server.
Each Access Control Entry codifies a single grant of privilege on this Node, and is used by the Access Control Privilege Granting algorithm to determine if a subject has privilege to interact with targets on the Node.
Readonlyextension: OptionalWritableFabricScopedAttribute<TypeFromFields<{ If present, the Access Control Extensions may be used by Administrators to store arbitrary data related to fabric’s Access Control Entries.
The Access Control Extension list shall support a single extension entry per supported fabric.
ReadonlysubjectsThis attribute shall provide the minimum number of Subjects per entry that are supported by this server.
Since reducing this value over time may invalidate ACL entries already written, this value shall NOT decrease across time as software updates occur that could impact this value. If this is a concern for a given implementation, it is recommended to only use the minimum value required and avoid reporting a higher value than the required minimum.
ReadonlytargetsThis attribute shall provide the minimum number of Targets per entry that are supported by this server.
Since reducing this value over time may invalidate ACL entries already written, this value shall NOT decrease across time as software updates occur that could impact this value. If this is a concern for a given implementation, it is recommended to only use the minimum value required and avoid reporting a higher value than the required minimum.
ReadonlyaccessThe cluster shall send AccessControlEntryChanged events whenever its ACL attribute data is changed by an Administrator.
• Each added entry shall generate an event with ChangeType Added.
• Each changed entry shall generate an event with ChangeType Changed.
• Each removed entry shall generate an event with ChangeType Removed.
ReadonlyaccessThe cluster shall send AccessControlExtensionChanged events whenever its extension attribute data is changed by an Administrator.
• Each added extension shall generate an event with ChangeType Added.
• Each changed extension shall generate an event with ChangeType Changed.
• Each removed extension shall generate an event with ChangeType Removed.
Modify elements using ElementModifier.alter.
Modify elements using ElementModifier.enable.
Modify elements using ElementModifier.set.
Select features using ClusterComposer.compose.
Rest...selection: SelectionT
The Access Control Cluster exposes a data model view of a Node’s Access Control List (ACL), which codifies the rules used to manage and enforce Access Control for the Node’s endpoints and their associated cluster instances. Access to this Access Control Cluster itself requires a special Administer privilege level, such that only Nodes granted such privilege (hereafter termed "Administrators") can manage the Access Control Cluster.
The Access Control Cluster shall be present on the root node endpoint of each Node, and shall NOT be present on any other Endpoint of any Node.
See
MatterSpecification.v13.Core § 9.10