Examples of Access Rules in JSON serialization Allow READ access for Anonymous to the complete API { "AllAccessPermissionRules": { "rules": [ { "ACL": { "ATTRIBUTES": [ { "GLOBAL": "ANONYMOUS" } ], "RIGHTS": [ "READ" ], "ACCESS": "ALLOW" }, "OBJECTS": [ { "ROUTE": "*" } ], "FORMULA": { "$boolean": true } } ] } } Allow READ access for Anonymous to submodels whose semanticId is in a given list { "AllAccessPermissionRules": { "rules": [ { "ACL": { "ATTRIBUTES": [ { "GLOBAL": "ANONYMOUS" } ], "RIGHTS": [ "READ" ], "ACCESS": "ALLOW" }, "OBJECTS": [ { "ROUTE": "*" } ], "FORMULA": { "$or": [ { "$eq": [ { "$field": "$sm#semanticId" }, { "$strVal": "SemanticID-Nameplate" } ] }, { "$eq": [ { "$field": "$sm#semanticId" }, { "$strVal": "SemanticID-TechnicalData" } ] } ] } } ] } } Allow READ and UPDATE for specific authenticated users on submodels Nameplate and TechnicalData { "AllAccessPermissionRules": { "rules": [ { "ACL": { "ATTRIBUTES": [ { "CLAIM": "email" } ], "RIGHTS": [ "READ", "UPDATE" ], "ACCESS": "ALLOW" }, "OBJECTS": [ { "IDENTIFIABLE": "(Submodel)*" } ], "FORMULA": { "$and": [ { "$or": [ { "$eq": [ { "$field": "$sm#semanticId" }, { "$strVal": "SemanticID-Nameplate" } ] }, { "$eq": [ { "$field": "$sm#semanticId" }, { "$strVal": "SemanticID-TechnicalData" } ] } ] }, { "$or": [ { "$eq": [ { "$attribute": { "CLAIM": "email" } }, { "$strVal": "user1@company1.com" } ] }, { "$eq": [ { "$attribute": { "CLAIM": "email" } }, { "$strVal": "user2@company2.com" } ] } ] } ] } } ] } } Allow READ and UPDATE for a specific authenticated user on the specific submodel "submodel1" { "AllAccessPermissionRules": { "rules": [ { "ACL": { "ATTRIBUTES": [ { "CLAIM": "email" } ], "RIGHTS": [ "READ", "UPDATE" ], "ACCESS": "ALLOW" }, "OBJECTS": [ { "IDENTIFIABLE": "(Submodel)https://submodel1.company1.com" } ], "FORMULA": { "$eq": [ { "$attribute": { "CLAIM": "email" } }, { "$strVal": "user1@company1.com" } ] } } ] } } Reuse of ACL, OBJECT and FORMULA { "AllAccessPermissionRules": { "DEFACLS": [ { "name": "acl1", "acl": { "ATTRIBUTES": [ { "CLAIM": "email" } ], "RIGHTS": [ "READ", 
"UPDATE" ], "ACCESS": "ALLOW" } } ], "DEFOBJECTS": [ { "name": "Properties", "objects": [ { "REFERABLE": "(Submodel)https://s1.com, (Property)p1" }, { "REFERABLE": "(Submodel)https://s1.com, (Property)p2" } ] } ], "DEFFORMULAS": [ { "name": "allowSubjectGroup1", "formula": { "$and": [ { "$eq": [ { "$attribute": { "GLOBAL": "UTCNOW" } }, { "$timeVal": "15:00" } ] }, { "$or": [ { "$eq": [ { "$attribute": { "CLAIM": "email" } }, { "$strVal": "user1@company1.com" } ] }, { "$eq": [ { "$attribute": { "CLAIM": "email" } }, { "$strVal": "user2@company2.com" } ] } ] } ] } } ], "rules": [ { "USEACL": "acl1", "USEOBJECTS": [ "Properties" ], "USEFORMULA": "allowSubjectGroup1" } ] } } Example with BusinessPartnerNumber { "AllAccessPermissionRules": { "rules": [ { "ACL": { "ATTRIBUTES": [ { "CLAIM": "BusinessPartnerNumber" } ], "RIGHTS": [ "READ" ], "ACCESS": "ALLOW" }, "OBJECTS": [ { "ROUTE": "*" } ], "FORMULA": { "$eq": [ { "$attribute": { "CLAIM": "BusinessPartnerNumber" } }, { "$strVal": "BPN1234" } ] } } ] } } Allow READ for all authenticated users of a company for submodels Nameplate and TechnicalData (note: the email pattern in this example has no ^ and $ anchors; unless the implementation evaluates $regex as a full-string match, a claim value that merely contains a matching substring also satisfies the rule, so anchor the pattern when reusing it) { "AllAccessPermissionRules": { "rules": [ { "ACL": { "ATTRIBUTES": [ { "CLAIM": "email" } ], "RIGHTS": [ "READ" ], "ACCESS": "ALLOW" }, "OBJECTS": [ { "IDENTIFIABLE": "(Submodel)*" } ], "FORMULA": { "$and": [ { "$or": [ { "$eq": [ { "$field": "$sm#semanticId" }, { "$strVal": "SemanticID-Nameplate" } ] }, { "$eq": [ { "$field": "$sm#semanticId" }, { "$strVal": "SemanticID-TechnicalData" } ] } ] }, { "$regex": [ { "$attribute": { "CLAIM": "email" } }, { "$strVal": "[\\w\\.]+@company\\.com" } ] } ] } } ] } } Allow READ to all Submodels with ID pattern for all authenticated users of a company for submodels with Nameplate and TechnicalData from 9:00-17:00 UTC (note: unlike the other examples, this one places ATTRIBUTES, RIGHTS, ACCESS, OBJECTS and FORMULA directly under AllAccessPermissionRules instead of inside "rules" and "ACL", so check the structure against the schema before reusing it; the dots in the ID pattern ^https://company1.com/.*$ are unescaped and each matches any character, so escape them when reusing the pattern) { "AllAccessPermissionRules": { "ATTRIBUTES": [ { "CLAIM": "companyName" } ], "RIGHTS": [ "READ" ], "ACCESS": "ALLOW", "OBJECTS": [ { "IDENTIFIABLE": "(Submodel)*" } ], "FORMULA": { "$and": [ { "$or": [ { "$eq": [ { "$field": 
"$sm#semanticId" }, { "$strVal": "SemanticID-Nameplate" } ] }, { "$eq": [ { "$field": "$sm#semanticId" }, { "$strVal": "SemanticID-TechnicalData" } ] } ] }, { "$eq": [ { "$attribute": { "CLAIM": "companyName" } }, { "$strVal": "company1-name" } ] }, { "$regex": [ { "$attribute": { "REFERENCE": "(Submodel)*#Id" } }, { "$strVal": "^https://company1.com/.*$" } ] }, { "$ge": [ { "$attribute": { "GLOBAL": "UTCNOW" } }, { "$timeVal": "09:00" } ] }, { "$le": [ { "$attribute": { "GLOBAL": "UTCNOW" } }, { "$timeVal": "17:00" } ] } ] } } } Example with FILTER statement { "AllAccessPermissionRules": { "rules": [ { "ACL": { "ATTRIBUTES": [ { "CLAIM": "BusinessPartnerNumber" } ], "RIGHTS": [ "READ" ], "ACCESS": "ALLOW" }, "OBJECTS": [ { "DESCRIPTOR": "(aasdesc)*" } ], "FORMULA": { "$and": [ { "$eq": [ { "$attribute": { "CLAIM": "BusinessPartnerNumber" } }, { "$strVal": "BPNL00000000000A" } ] }, { "$match": [ { "$eq": [ { "$field": "$aasdesc#specificAssetIds[].name" }, { "$strVal": "manufacturerPartId" } ] }, { "$eq": [ { "$field": "$aasdesc#specificAssetIds[].value" }, { "$strVal": "99991" } ] }, { "$eq": [ { "$field": "$aasdesc#specificAssetIds[].externalSubjectId.keys[0].value" }, { "$strVal": "PUBLIC_READABLE" } ] } ] }, { "$match": [ { "$eq": [ { "$field": "$aasdesc#specificAssetIds[].name" }, { "$strVal": "customerPartId" } ] }, { "$eq": [ { "$field": "$aasdesc#specificAssetIds[].value" }, { "$strVal": "ACME001" } ] } ] } ] }, "FRAGMENT": "$aasdesc#assetInformation.specificAssetIds[]", "FILTER": { "$or": [ { "$match": [ { "$eq": [ { "$field": "$aasdesc#specificAssetIds[].name" }, { "$strVal": "manufacturerPartId" } ] }, { "$eq": [ { "$field": "$aasdesc#specificAssetIds[].value" }, { "$strVal": "99991" } ] } ] }, { "$match": [ { "$eq": [ { "$field": "$aasdesc#specificAssetIds[].name" }, { "$strVal": "customerPartId" } ] }, { "$eq": [ { "$field": "$aasdesc#specificAssetIds[].value" }, { "$strVal": "ACME001" } ] } ] }, { "$eq": [ { "$field": "$aasdesc#specificAssetIds[].name" 
}, { "$strVal": "partInstanceId" } ] }, { "$eq": [ { "$field": "$aasdesc#specificAssetIds[].externalSubjectId.keys[0].value" }, { "$attribute": { "CLAIM": "BusinessPartnerNumber" } } ] }, { "$eq": [ { "$field": "$aasdesc#specificAssetIds[].externalSubjectId.keys[0].value" }, { "$strVal": "PUBLIC_READABLE" } ] } ] } } ] } }