Docs for schema item regkeyauditedpermissions_object in Open Vulnerability and Assessment Language (OVAL®)

This object has been deprecated and will be removed in version 6.0 of the language. Recommend use of the newer regkeyauditedpermissions53_object. The regkeyauditedpermissions_object element is used by a registry key audited permissions test to define the objects used to evalutate against the specified state. Each object extends the standard ObjectType as definied in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. A regkeyauditedpermissions_object is defined as a combination of a Windows registry key and trustee name. The hive and key elements represents the registry key to be evaluated while the trustee name represents the account (sid) to check audited permissions of. If multiple keys or sids are matched by either reference, then each possible combination of file and sid is a matching file audited permissions object. In addition, a number of behaviors may be provided that help guide the collection of objects. Please refer to the RegkeyAuditPermissionsBehaviors complex type for more information about specific behaviors.

<xsd:element name="regkeyauditedpermissions_object" substitutionGroup="oval-def:object"> <xsd:annotation> <xsd:documentation>This object has been deprecated and will be removed in version 6.0 of the language. Recommend use of the newer regkeyauditedpermissions53_object.</xsd:documentation> <xsd:documentation>The regkeyauditedpermissions_object element is used by a registry key audited permissions test to define the objects used to evalutate against the specified state. Each object extends the standard ObjectType as definied in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic.</xsd:documentation> <xsd:documentation>A regkeyauditedpermissions_object is defined as a combination of a Windows registry key and trustee name. The hive and key elements represents the registry key to be evaluated while the trustee name represents the account (sid) to check audited permissions of. If multiple keys or sids are matched by either reference, then each possible combination of file and sid is a matching file audited permissions object. In addition, a number of behaviors may be provided that help guide the collection of objects. Please refer to the RegkeyAuditPermissionsBehaviors complex type for more information about specific behaviors.</xsd:documentation> </xsd:annotation> <xsd:complexType> <xsd:complexContent> <xsd:extension base="oval-def:ObjectType"> <xsd:sequence> <xsd:choice> <xsd:element ref="oval-def:set" minOccurs="0" /> <xsd:sequence minOccurs="0"> <xsd:element name="behaviors" type="win-def:RegkeyAuditPermissionsBehaviors" minOccurs="0" /> <xsd:element name="hive" type="win-def:EntityObjectRegistryHiveType"> <xsd:annotation> <xsd:documentation>The hive that the registry key belongs to. This is restricted to a specific set of values: HKEY_CLASSES_ROOT, HKEY_CURRENT_CONFIG, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, and HKEY_USERS.</xsd:documentation> <xsd:appinfo> <sch:pattern id="rapobjhive" xmlns:sch="http://purl.oclc.org/dsdl/schematron"> <sch:rule context="win-def:regkeyauditedpermissions_object/win-def:hive"> <sch:assert test="not(@datatype) or @datatype='string'"> <sch:value-of select="../@id" /> - datatype attribute for the hive entity of a regkeyauditedpermissions_object should be 'string'</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="key" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation>The key element describes a registry key to be collected. Note that the hive portion of the string should not be included, as this data should be found under the hive element.</xsd:documentation> <xsd:appinfo> <sch:pattern id="rapobjkey" xmlns:sch="http://purl.oclc.org/dsdl/schematron"> <sch:rule context="win-def:regkeyauditedpermissions_object/win-def:key"> <sch:assert test="not(@datatype) or @datatype='string'"> <sch:value-of select="../@id" /> - datatype attribute for the key entity of a regkeyauditedpermissions_object should be 'string'</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> </xsd:element> <xsd:element name="trustee_name" type="oval-def:EntityObjectStringType"> <xsd:annotation> <xsd:documentation>The trustee_name element is the unique name that associated a particular SID. A SID can be associated with a user, group, or program (such as a Windows service). In a domain environment, trustee names should be identified in the form: "domain\trustee name" For local trustee names use: "computer name\trustee name" For built-in accounts on the system, use the trustee name without a domain. For example: ADMINISTRATOR, SYSTEM, NETWORK_SERVICES, ADMINISTRATORS (group), etc. Note that the built-in trustee names should be all caps as that is how the windows apis return them.</xsd:documentation> <xsd:appinfo> <sch:pattern id="rapobjtrustee_name" xmlns:sch="http://purl.oclc.org/dsdl/schematron"> <sch:rule context="win-def:regkeyauditedpermissions_object/win-def:trustee_name"> <sch:assert test="not(@datatype) or @datatype='string'"> <sch:value-of select="../@id" /> - datatype attribute for the trustee_name entity of a regkeyauditedpermissions_object should be 'string'</sch:assert> </sch:rule> </sch:pattern> </xsd:appinfo> </xsd:annotation> </xsd:element> </xsd:sequence> </xsd:choice> </xsd:sequence> </xsd:extension> </xsd:complexContent> </xsd:complexType> </xsd:element>

Definition Type:	Element
Name:	regkeyauditedpermissions_object
Namespace:	http://oval.mitre.org/XMLSchema/oval-definitions-5#windows
Type:	oval-def:ObjectType
Containing Schema:	windows-definitions-schema.xsd
Abstract
Documentation:	This object has been deprecated and will be removed in version 6.0 of the language. Recommend use of the newer regkeyauditedpermissions53_object. The regkeyauditedpermissions_object element is used by a registry key audited permissions test to define the objects used to evalutate against the specified state. Each object extends the standard ObjectType as definied in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. A regkeyauditedpermissions_object is defined as a combination of a Windows registry key and trustee name. The hive and key elements represents the registry key to be evaluated while the trustee name represents the account (sid) to check audited permissions of. If multiple keys or sids are matched by either reference, then each possible combination of file and sid is a matching file audited permissions object. In addition, a number of behaviors may be provided that help guide the collection of objects. Please refer to the RegkeyAuditPermissionsBehaviors complex type for more information about specific behaviors.

Derivation Tree:
	oval-def:ObjectType *regkeyauditedpermissions_object*

References:
	oval-def:object