
FORMAL SYSTEM ACCESS SPECIFICATION

In document Rand Report r 609 (Page 108-111)

Notation: Standard Backus-Naur Form (BNF), plus:

[x] means one or more occurrences of x separated by commas, with no initial or terminal comma.

Also, if any <STRING> contains one of the fixed words appearing in the following BNF rules that could lead to an ambiguity, the <STRING> should be enclosed in parentheses.

System Access Definition

<SYSTEM ACCESS DEFINITION> ::= <PERSONNEL DEFINITION> <TERMINAL DEFINITION> <SECURITY CONTROL DEFINITION>

<PERSONNEL DEFINITION> ::= Not part of this specification.

<TERMINAL DEFINITION> ::= Not part of this specification.

<SECURITY CONTROL DEFINITION> ::= <SECURITY STRUCTURE DEFINITION> <PERSONNEL SECURITY DEFINITION> <AUTHORIZATION GROUP DEFINITION> <TERMINAL SECURITY DEFINITION> <RELEASABILITY DEFINITION>

<RELEASABILITY DEFINITION> ::= Not part of this specification.

Security Structure Definition

<SECURITY STRUCTURE DEFINITION> ::= <MERGE RULES> | <SECURITY COMPONENT DEFINITION> <SECURITY STRUCTURE DEFINITION>

<SECURITY COMPONENT DEFINITION> ::= <DEFINE STATEMENT> <CLEARANCE STATEMENT> <SYNONYM STATEMENT> <INTERNAL STRUCTURE STATEMENT> <ACCESS RULE STATEMENT> <REQUIRED LABEL STATEMENT> <EXTERNAL STRUCTURE STATEMENT> <REQUIREMENT STATEMENT> END;

<DEFINE STATEMENT> ::= DEFINE: <COMPONENT NAME>;

<CLEARANCE STATEMENT> ::= CLEARANCES: [<CLEARANCE NAME>];

<SYNONYM STATEMENT> ::= SYNONYMS: NONE; | SYNONYMS: [<SYNONYM PAIR>];

<INTERNAL STRUCTURE STATEMENT> ::= INTERNAL STRUCTURE: NONE; | INTERNAL STRUCTURE: [<CLEARANCE NAME> <BLANKS> IMPLIES <BLANKS> <CLEARANCE NAME>];

<ACCESS RULE STATEMENT> ::= ACCESS RULES: NONE; | ACCESS RULES: [<CLEARANCE NAME> <BLANKS> ACCESSES <BLANKS> <LABEL>];

<REQUIRED LABEL STATEMENT> ::= REQUIRED LABELS: NONE; | REQUIRED LABELS: [<REQUIRED LABEL>];

<EXTERNAL STRUCTURE STATEMENT> ::= EXTERNAL STRUCTURE: NONE; | EXTERNAL STRUCTURE: [<CLEARANCE NAME> <BLANKS> IMPLIES <BLANKS> <EXTERNAL CLEARANCE NAME>];

<REQUIREMENT STATEMENT> ::= REQUIREMENTS: NONE; | REQUIREMENTS: [<CLEARANCE NAME> <BLANKS> REQUIRES <BLANKS> <CLEARANCE EXPRESSION>];

<CLEARANCE EXPRESSION> ::= <PRIMARY> | <PRIMARY> <BOOLEAN OPERATOR> <PRIMARY>

<PRIMARY> ::= (<CLEARANCE EXPRESSION>) | <CLEARANCE NAME> | <BLANKS> NOT <BLANKS> <PRIMARY>

<BOOLEAN OPERATOR> ::= <BLANKS> AND <BLANKS> | <BLANKS> OR <BLANKS>

<SYNONYM PAIR> ::= <BASIC NAME> = <SYNONYM NAME>

<BASIC NAME> ::= <COMPONENT NAME> | <CLEARANCE NAME> | <LABEL NAME>

<LABEL NAME> ::= <LABEL> | <REQUIRED LABEL>

<SYNONYM NAME> ::= <STRING>

<EXTERNAL CLEARANCE NAME> ::= <STRING>

<COMPONENT NAME> ::= <STRING>

<CLEARANCE NAME> ::= <STRING>

<LABEL> ::= <STRING>

<REQUIRED LABEL> ::= <STRING>

<STRING> ::= <LETTER> | <LETTER> <CHARACTER STRING>

<CHARACTER STRING> ::= <NONBLANK CHARACTER> | <CHARACTER> <CHARACTER STRING>

<CHARACTER> ::= <NONBLANK CHARACTER> | <SPACE> | <HYPHEN>

<NONBLANK CHARACTER> ::= <LETTER> | <DIGIT>

<LETTER> ::= A | B | C | ... | Y | Z

<DIGIT> ::= 0 | 1 | 2 | ... | 8 | 9

<BLANKS> ::= <SPACE> | <SPACE> <BLANKS>

<MERGE RULES> ::= <MERGE RULE STATEMENT> END;

<MERGE RULE STATEMENT> ::= MERGE RULES: NONE; | MERGE RULES: [<MERGE RULE>];

<MERGE RULE> ::= <MERGE CONDITION EXPRESSION> <BLANKS> YIELDS <BLANKS> <RESULTANT STRING>

<MERGE CONDITION EXPRESSION> ::= <MERGE PRIMARY> | <MERGE PRIMARY> <BOOLEAN OPERATOR> <MERGE PRIMARY>

<MERGE PRIMARY> ::= (<MERGE CONDITION EXPRESSION>) | <LABEL NAME> | <BLANKS> NOT <BLANKS> <MERGE PRIMARY>

<RESULTANT STRING> ::= <LABEL NAME> | <LABEL NAME> <BLANKS> AND <BLANKS> <RESULTANT STRING>
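Added example (not part of the RAND report): a Python parser and evaluator for <CLEARANCE EXPRESSION> as it appears in the REQUIREMENTS statement. It assumes a requirement is met when the expression is true over the set of clearances a user already holds; the function names are hypothetical, and parenthesized names that contain fixed words are not handled.

```python
import re

# Fixed words count only when delimited by blanks or parentheses (<BLANKS> AND <BLANKS>).
_SPLIT = re.compile(r"([()]|(?<![^\s()])(?:AND|OR|NOT)(?![^\s()]))")
# <STRING>: starts with a letter, may contain spaces/hyphens, ends on a letter or digit.
_NAME = re.compile(r"[A-Z](?:[A-Z0-9 -]*[A-Z0-9])?")

def tokenize(text):
    return [t.strip() for t in _SPLIT.split(text) if t.strip()]

def parse_primary(tokens):
    if not tokens:
        raise ValueError("expression ends early")
    tok = tokens.pop(0)
    if tok == "(":
        node = parse_expression(tokens)
        if not tokens or tokens.pop(0) != ")":
            raise ValueError("missing closing parenthesis")
        return node
    if tok == "NOT":
        return ("NOT", parse_primary(tokens))
    if tok in ("AND", "OR") or not _NAME.fullmatch(tok):
        raise ValueError(f"not a clearance name: {tok!r}")
    return tok

def parse_expression(tokens):
    # <PRIMARY> | <PRIMARY> <BOOLEAN OPERATOR> <PRIMARY>: at most one operator per level.
    left = parse_primary(tokens)
    if tokens and tokens[0] in ("AND", "OR"):
        return (tokens.pop(0), left, parse_primary(tokens))
    return left

def parse(text):
    tokens = tokenize(text)
    tree = parse_expression(tokens)
    if tokens:  # e.g. "A AND B OR C": the grammar demands explicit parentheses
        raise ValueError(f"unexpected {tokens[0]!r}; parenthesize nested terms")
    return tree

def holds(node, held):
    if isinstance(node, str):
        return node in held
    if node[0] == "NOT":
        return not holds(node[1], held)
    left, right = holds(node[1], held), holds(node[2], held)
    return (left and right) if node[0] == "AND" else (left or right)

def requirement_met(item, held):
    # item is one element of the REQUIREMENTS: list, "<name> REQUIRES <expression>"
    name, _, expr = item.partition(" REQUIRES ")
    return name.strip(), holds(parse(expr), set(held))
```

Because the grammar allows only one operator per nesting level, a policy author cannot rely on an implied AND/OR precedence; the parser rejects such input instead of guessing.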

<PERSONNEL SECURITY DEFINITION> ::= END; | <USER CLEARANCE STATEMENT> <PERSONNEL SECURITY DEFINITION>

<USER CLEARANCE STATEMENT> ::= [<USER ID>]: [(<CLEARANCE NAME>, <GRANTING AGENCY>, <EXPIRATION DATE>)];

<USER ID> ::= <NONBLANK CHARACTER> | <NONBLANK CHARACTER> <USER ID>

<GRANTING AGENCY> ::= <LETTER> | <LETTER> <GRANTING AGENCY>

<EXPIRATION DATE> ::= <MONTH> / <DAY> / <YEAR>

<MONTH> ::= <DIGIT> <DIGIT>

<DAY> ::= <DIGIT> <DIGIT>

<YEAR> ::= <DIGIT> <DIGIT>

User Clearance Update Language

<USER CLEARANCE UPDATE LANGUAGE> ::= <GRANT USER CLEARANCE STATEMENT> | <REMOVE USER CLEARANCE STATEMENT>

<GRANT USER CLEARANCE STATEMENT> ::= GRANT [(<CLEARANCE NAME>, <GRANTING AGENCY>, <EXPIRATION DATE>)] TO USER [<USER ID>]

<REMOVE USER CLEARANCE STATEMENT> ::= REMOVE <CLEARANCE SET> FROM USER [<USER ID>]

<CLEARANCE SET> ::= ALL CLEARANCES | ([<CLEARANCE NAME>])
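Added example (not part of the RAND report): a strict Python parser that applies GRANT and REMOVE statements of the user clearance update language to an in-memory table. The table layout, the function names, optional whitespace between tokens, dates written without spaces around the slashes, and rejecting a malformed statement before any change is made are assumptions of this example.

```python
import re

_NAME = r"[A-Z](?:[A-Z0-9 -]*[A-Z0-9])?"   # <CLEARANCE NAME>, i.e. <STRING>
# (<CLEARANCE NAME>, <GRANTING AGENCY>, <EXPIRATION DATE>) with a two-digit MM/DD/YY date
_TRIPLE = re.compile(rf"\(\s*({_NAME})\s*,\s*([A-Z]+)\s*,\s*(\d\d/\d\d/\d\d)\s*\)")
_USER = re.compile(r"[A-Z0-9]+")            # <USER ID>: nonblank characters only
_GRANT = re.compile(r"GRANT\s+(.+?)\s+TO USER\s+(.+)")
_REMOVE = re.compile(r"REMOVE\s+(.+?)\s+FROM USER\s+(.+)")

def _users(text):
    users = [u.strip() for u in text.split(",")]
    if not all(_USER.fullmatch(u) for u in users):
        raise ValueError(f"bad user list: {text!r}")
    return users

def _triples(text):
    one = _TRIPLE.pattern
    # [x]: one or more items separated by commas, no leading or trailing comma.
    if not re.fullmatch(rf"{one}(?:\s*,\s*{one})*", text):
        raise ValueError(f"bad clearance list: {text!r}")
    return _TRIPLE.findall(text)

def _clearance_set(text):
    if text == "ALL CLEARANCES":
        return None                          # None stands for every clearance held
    m = re.fullmatch(rf"\(\s*({_NAME}(?:\s*,\s*{_NAME})*)\s*\)", text)
    if not m:
        raise ValueError(f"bad clearance set: {text!r}")
    return [n.strip() for n in m.group(1).split(",")]

def apply(statement, table):
    """table maps user id -> {clearance name: (granting agency, expiration date)}."""
    statement = statement.strip()
    if m := _GRANT.fullmatch(statement):
        grants, users = _triples(m.group(1)), _users(m.group(2))  # validate first
        for user in users:
            for name, agency, expires in grants:
                table.setdefault(user, {})[name] = (agency, expires)
    elif m := _REMOVE.fullmatch(statement):
        names, users = _clearance_set(m.group(1)), _users(m.group(2))
        for user in users:
            held = table.get(user, {})
            for name in (list(held) if names is None else names):
                held.pop(name, None)
    else:
        raise ValueError(f"not an update statement: {statement!r}")
    return table
```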

Authorization Group Definition

<AUTHORIZATION GROUP DEFINITION> ::= END; | <AUTHORIZATION GROUP SPECIFICATION> <AUTHORIZATION GROUP DEFINITION>

<AUTHORIZATION GROUP SPECIFICATION> ::= <AUTHORIZATION GROUP NAME>: [<AUTHORIZATION TYPE>] ([<AUTHORIZATION GROUP ELEMENT>]);

<AUTHORIZATION GROUP NAME> ::= UNIVERSAL <AUTHORIZATION TYPE> | <AUTHORIZATION GROUP IDENTIFIER>

<AUTHORIZATION TYPE> ::= READ ONLY | CHANGE ONLY | APPEND ONLY | EXECUTE ONLY | UNRESTRICTED ACCESS | RIGHT-TO-CHANGE AUTHORIZATION SPECIFICATION | RIGHT-TO-CHANGE FILE CLASSIFICATION

<AUTHORIZATION GROUP ELEMENT> ::= <AUTHORIZATION GROUP IDENTIFIER> | <USER ID>

<AUTHORIZATION GROUP IDENTIFIER> ::= <NONBLANK CHARACTER> | <NONBLANK CHARACTER> <AUTHORIZATION GROUP IDENTIFIER>

Authorization Group Update Language

<AUTHORIZATION GROUP UPDATE LANGUAGE> ::= <DEFINE GROUP STATEMENT> | <ADD MEMBER STATEMENT> | <REMOVE MEMBER STATEMENT>

<DEFINE GROUP STATEMENT> ::= DEFINE GROUP <AUTHORIZATION GROUP NAME>: [<AUTHORIZATION TYPE>] ([<AUTHORIZATION GROUP ELEMENT>])

<ADD MEMBER STATEMENT> ::= ADD ([<AUTHORIZATION GROUP ELEMENT>]) TO GROUP [<AUTHORIZATION GROUP NAME>]

<REMOVE MEMBER STATEMENT> ::= REMOVE ([<AUTHORIZATION GROUP ELEMENT>]) FROM GROUP [<AUTHORIZATION GROUP NAME>]

<TERMINAL SECURITY DEFINITION> ::= END; | <TERMINAL CLEARANCE STATEMENT> <TERMINAL SECURITY DEFINITION>

<TERMINAL CLEARANCE STATEMENT> ::= [<TERMINAL ID>]: <CLEARANCE SET>;

<TERMINAL ID> ::= Installation dependent--not specified here (may not include comma, colon, or semicolon).

Terminal Clearance Update Language

<TERMINAL CLEARANCE UPDATE LANGUAGE> ::= <GRANT TERMINAL CLEARANCE STATEMENT> | <REMOVE TERMINAL CLEARANCE STATEMENT>

<GRANT TERMINAL CLEARANCE STATEMENT> ::= GRANT <CLEARANCE SET> TO TERMINAL <TERMINAL ID>

<REMOVE TERMINAL CLEARANCE STATEMENT> ::= REMOVE <CLEARANCE SET> FROM TERMINAL <TERMINAL ID>

File Authorization Specification

<FILE AUTHORIZATION SPECIFICATION> ::= <FILE NAME>: [(<AUTHORIZATION TYPE> <AUTHORIZATION ACCESS LIST>)]

<AUTHORIZATION ACCESS LIST> ::= UNIVERSAL | UNIVERSAL <SET SUBTRACTION OPERATOR> <AUTHORIZATION EXPRESSION> | <AUTHORIZATION EXPRESSION>

<AUTHORIZATION EXPRESSION> ::= <AUTHORIZATION GROUP> | <AUTHORIZATION GROUP> <AUTHORIZATION OPERATOR> <AUTHORIZATION EXPRESSION>

<AUTHORIZATION GROUP> ::= ([<AUTHORIZATION IDENTIFIER>])

<AUTHORIZATION IDENTIFIER> ::= <AUTHORIZATION GROUP IDENTIFIER> | <USER ID> | AUTHOR

<AUTHORIZATION OPERATOR> ::= <SET ADDITION OPERATOR> | <SET SUBTRACTION OPERATOR>

<SET ADDITION OPERATOR> ::= +

<SET SUBTRACTION OPERATOR> ::= -

<FILE NAME> ::= Operating system dependent--not specified here (may not include colon).

Annex B
