Definition Type: Element
Name: security_principle
Namespace: http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#windows
Type: oval-sc:EntityItemStringType
Containing Schema: windows-system-characteristics-schema.xsd
MinOccurs: 0
MaxOccurs: 1
Abstract
Documentation:
Security principals include users or groups with either local or domain accounts, and computer accounts created when a computer running Windows NT, Windows 2000, Windows XP, or a member of the Windows Server 2003 family joins a domain. User rights and permissions to access objects such as Active Directory objects, files, and registry settings are assigned to security principals. In a domain environment, security principals should be identified in the form "domain\trustee name". For local security principals, use "computer name\trustee name". For built-in accounts on the system, use the trustee name without a domain, for example: ADMINISTRATOR, SYSTEM, NETWORK_SERVICES, ADMINISTRATORS (group), etc. Note that the built-in security principals should be all caps, as that is how the Windows APIs return them.
XSD Schema Diagram:
[Diagram: XSD Diagram of security_principle in schema windows-system-characteristics-schema_xsd (Open Vulnerability and Assessment Language (OVAL®))]
XSD Schema Code:
<xsd:element name="security_principle" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
    <xsd:annotation>
        <xsd:documentation>Security principals include users or groups with either local or domain accounts, and computer accounts created when a computer running Windows NT, Windows 2000, Windows XP, or a member of the Windows Server 2003 family joins a domain. User rights and permissions to access objects such as Active Directory objects, files, and registry settings are assigned to security principals. In a domain environment, security principals should be identified in the form: "domain\trustee name" For local security principals use: "computer name\trustee name" For built-in accounts on the system, use the trustee name without a domain. For example: ADMINISTRATOR, SYSTEM, NETWORK_SERVICES, ADMINISTRATORS (group), etc. Note that the built-in security principals should be all caps as that is how the windows apis return them.</xsd:documentation>
        <xsd:appinfo>
            <sch:pattern id="atitemsecurity_principle" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                <sch:rule context="win-sc:accesstoken_item/win-sc:security_principle">
                    <sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id" /> - datatype attribute for the security_principle entity of an accesstoken_item should be 'string'</sch:assert>
                </sch:rule>
            </sch:pattern>
        </xsd:appinfo>
    </xsd:annotation>
</xsd:element>
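Added example (not part of the OVAL schema or its tooling): a Python check that applies the naming forms from the documentation and the Schematron datatype rule above to accesstoken_item entries. The sample XML, its wrapper element and the function names are constructed for illustration, and treating any value without a backslash as a built-in name is an assumption drawn from the documentation's wording.

```python
import xml.etree.ElementTree as ET

NS = {"win-sc": "http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#windows"}

# Constructed sample: the <items> wrapper and every value are made up, and the
# items are trimmed to the one entity this page documents.
SAMPLE = """<items xmlns:win-sc="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#windows">
  <win-sc:accesstoken_item id="1"><win-sc:security_principle>CORP\\jsmith</win-sc:security_principle></win-sc:accesstoken_item>
  <win-sc:accesstoken_item id="2"><win-sc:security_principle datatype="string">ADMINISTRATORS</win-sc:security_principle></win-sc:accesstoken_item>
  <win-sc:accesstoken_item id="3"><win-sc:security_principle>Administrators</win-sc:security_principle></win-sc:accesstoken_item>
  <win-sc:accesstoken_item id="4"><win-sc:security_principle datatype="int">SYSTEM</win-sc:security_principle></win-sc:accesstoken_item>
  <win-sc:accesstoken_item id="5"><win-sc:security_principle>\\jsmith</win-sc:security_principle></win-sc:accesstoken_item>
</items>"""

def check_name(value):
    """Return the problems found in a security_principle value (empty list = conforms)."""
    if not value:
        return ["empty value"]
    scope, sep, trustee = value.partition("\\")
    if not sep:
        # No domain or computer prefix: treated as a built-in name (assumption).
        return [] if value == value.upper() else ["built-in name should be all caps"]
    if not scope or not trustee or "\\" in trustee:
        return ['expected "domain\\trustee name" or "computer name\\trustee name"']
    return []

def check_item(item):
    """Check one accesstoken_item; the entity is optional (minOccurs="0")."""
    ent = item.find("win-sc:security_principle", NS)
    if ent is None:
        return []
    problems = check_name((ent.text or "").strip())
    # Schematron rule from the schema: not(@datatype) or @datatype='string'
    if ent.get("datatype") not in (None, "string"):
        problems.append("datatype should be 'string'")
    return problems

def audit(xml_text):
    """Map each accesstoken_item id to its list of problems."""
    root = ET.fromstring(xml_text)
    return {i.get("id"): check_item(i) for i in root.findall("win-sc:accesstoken_item", NS)}

if __name__ == "__main__":
    for item_id, problems in audit(SAMPLE).items():
        print(item_id, problems or "ok")
```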
Child Attributes:
Name      Type              Default Value  Use
datatype  oval-sc:datatype  string         Optional
mask      oval-sc:mask      false          Optional
status    oval-sc:status    exists         Optional