All ACLs for all documents are described in Aspire using a nested XML structure, as follows:
<acls>
<acl name="" access="" entity="" scope=""/>
.
.
.
</acls>
For each ACL, the attributes are as follows:
Scope is only valid for NTFS ACLs
<acls>
<parentAcl name="" access="" entity="" scope=""/>
<intersectionAcl name="" access="" entity="" scope=""/>
</acls>
Note that <parentAcl>s and <intersectionAcl>s are two different methods for specifying an intersection between parent access control and individual document access control. The search engine publisher will need to choose which method they want to actually add to the indexes, based on what the search engine is able to support.
ACLs are specified in the GSA using metadata tags:
<meta name="google:aclusers" content=""/>
<meta name="google:aclgroups" content=""/>
The formula for specifying ACLs for the GSA from the Aspire ACLs is: