Definition Type: Element
Name: security_principle
Namespace: http://oval.mitre.org/XMLSchema/oval-definitions-5#windows
Type: oval-def:EntityObjectStringType
Containing Schema: windows-definitions-schema.xsd
MinOccurs (1)
MaxOccurs (1)
Abstract
Documentation:
The security_principle element defines the access token being specified. Security principals include users or groups with either local or domain accounts, and computer accounts created when a computer running Windows NT, Windows 2000, Windows XP, or a member of the Windows Server 2003 family joins a domain. User rights and permissions to access objects such as Active Directory objects, files, and registry settings are assigned to security principals. In a domain environment, security principals should be identified in the form "domain\trustee name". For local security principals, use "computer name\trustee name". For built-in accounts on the system, use the trustee name without a domain, for example: ADMINISTRATOR, SYSTEM, NETWORK_SERVICES, ADMINISTRATORS (group), etc. Note that the built-in security principals should be all caps, as that is how the Windows APIs return them.
XSD Schema Diagram: [XSD diagram of security_principle in schema windows-definitions-schema.xsd, showing the attributes var_ref, mask, operation, datatype and var_check and the base type EntityObjectStringType]
XSD Schema Code:
<xsd:element name="security_principle" type="oval-def:EntityObjectStringType">
    <xsd:annotation>
        <xsd:documentation>The security_principle element defines the access token being specified. Security principals include users or groups with either local or domain accounts, and computer accounts created when a computer running Windows NT, Windows 2000, Windows XP, or a member of the Windows Server 2003 family joins a domain. User rights and permissions to access objects such as Active Directory objects, files, and registry settings are assigned to security principals. In a domain environment, security principals should be identified in the form: "domain\trustee name" For local security principals use: "computer name\trustee name" For built-in accounts on the system, use the trustee name without a domain. For example: ADMINISTRATOR, SYSTEM, NETWORK_SERVICES, ADMINISTRATORS (group), etc. Note that the built-in security principals should be all caps as that is how the windows apis return them.</xsd:documentation>
        <xsd:appinfo>
            <sch:pattern id="atobjsecurity_principle" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                <sch:rule context="win-def:accesstoken_object/win-def:security_principle">
                    <sch:assert test="not(@datatype) or @datatype='string'">
                        <sch:value-of select="../@id" /> - datatype attribute for the security_principle entity of an accesstoken_object should be 'string'</sch:assert>
                </sch:rule>
            </sch:pattern>
        </xsd:appinfo>
    </xsd:annotation>
</xsd:element>
Child Attributes:
Name       Type                Default Value  Use
datatype   oval-def:datatype   string         Optional
operation  oval-def:operation  equals         Optional
mask       oval-def:mask       false          Optional
var_ref    oval-def:var_ref                   Optional
var_check  oval-def:var_check  all            Optional
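An added example (not part of the OVAL schema or its documentation): a small Python linter that applies the Schematron assertion shown in the schema code, plus the naming guidance from the documentation, to constructed accesstoken_object entries. The object ids, the EXAMPLEDOM domain, the wrapping objects element and the function name lint are assumptions; the all-caps check is a lint derived from the documentation note and is not enforced by the schema.

```python
import xml.etree.ElementTree as ET

# Namespace taken from the page.
WIN = "http://oval.mitre.org/XMLSchema/oval-definitions-5#windows"

# Constructed sample input: ids, domain and trustee names are illustrative only.
SAMPLE = r"""<objects xmlns:w="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
  <w:accesstoken_object id="oval:example:obj:1" version="1">
    <w:security_principle>EXAMPLEDOM\jdoe</w:security_principle>
  </w:accesstoken_object>
  <w:accesstoken_object id="oval:example:obj:2" version="1">
    <w:security_principle datatype="int">SYSTEM</w:security_principle>
  </w:accesstoken_object>
  <w:accesstoken_object id="oval:example:obj:3" version="1">
    <w:security_principle>Administrators</w:security_principle>
  </w:accesstoken_object>
  <w:accesstoken_object id="oval:example:obj:4" version="1">
    <w:security_principle operation="pattern match">^EXAMPLEDOM\\.*</w:security_principle>
  </w:accesstoken_object>
</objects>"""


def lint(xml_text):
    """Return (object id, message) findings for each security_principle entity."""
    findings = []
    root = ET.fromstring(xml_text)
    for obj in root.iter(f"{{{WIN}}}accesstoken_object"):
        sp = obj.find(f"{{{WIN}}}security_principle")
        if sp is None:
            continue
        oid = obj.get("id")
        # Schematron rule from the schema: not(@datatype) or @datatype='string'
        if sp.get("datatype", "string") != "string":
            findings.append((oid, "datatype should be 'string'"))
        # The naming lint only makes sense for a literal 'equals' comparison
        # (the default operation), not for patterns or variable references.
        if sp.get("operation", "equals") != "equals" or sp.get("var_ref"):
            continue
        name = (sp.text or "").strip()
        # No backslash means no domain or computer name: treated as built-in.
        if "\\" not in name and name != name.upper():
            findings.append((oid, "built-in principal should be all caps"))
    return findings


if __name__ == "__main__":
    for oid, msg in lint(SAMPLE):
        print(f"{oid} - {msg}")
```
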