{ 
    components: [ 
      The components whose access control list is to be updated; components can be groups, rule sets, or templates, which are the types of components that support ACLs 

       ComponentId
    ] * 

     customRights: { 
      The changes to be made to the rights in each component's ACL; this is a map where the key is a right string appropriate to the components, and the value is a flag indicating the type of change to make to the right; for the flag value, a null means no change, a true means grant the right, and a false means revoke the right; when this field is null, the specified roles are set back to default rights 
    } 

     roles: [ 
      The roles whose rights are to be modified in the access control list of each component 

       ComponentId
    ] * 
}

{ 
    canEditFlag: boolean 
   {{Whether or not the user is allowed to edit (grant or revoke) the rights for the specified role (read-only) }}

     roleId: ComponentId*
    The role being granted the specified rights 

     rights: [ 
      The rights being granted to the users who belong to the specified role; the right strings used here are specific to the type of component that owns this ACL; when null, means default rights are granted to the role (that is, the rights granted by the role definition, not by this ACL); when non-null but empty, means no rights are granted to the role;otherwise, the specified rights are granted to the role 

       string 
    ] 
}

{ 
    id: string 
    The database key of the component; an incoming component can be identified either by its database key, or by its unique name, or by its name with qualifiers which are unique when combined; when this database key is present, it takes precedence and componentName and qualifiers(when present) are used to verify the retrieved component 

     componentName: string 
    The name of the component; an incoming component can be identified either by its database key, or by its unique name, or by its name with qualifiers which are unique when combined; this name is used to verify any component retrieved by database key, and is used if there is no database key or if the database key fails to resolve; for componentType Configuration and HardwareInventory, componentName is the created timestamp (in milliseconds); for componentType SecurityVulnerability, componentName is the securityVulnerabilityID; for componentType SnmpManagerStation, componentName is the address 

     componentType: string * 
    The type of the component, used to verify what is retrieved by key/name; valid values are: Combogroup, Condition, Configuration, Device, DeviceAdapter, DeviceAgent, DeviceSecurityProfile DynamicField, EmailDistributionList, Group, HardwareInventory, JobApprovalType, Keyword, Model, OsImage, PredefinedJob, Realm, RemoteFileServer, Role, Rule, RuleSet, SecurityVulnerability, SnmpManagerStation, Template, and User 

     qualifiers: { 
      Any additional single qualifier needed to identify the component uniquely, when the name alone is not sufficient; the map key is the extra attribute name string; the map value string completes the identification of the component; for componentType Configuration and HardwareInventory: key=deviceKey, value=database key of the device the item belongs to, key=deviceName, value=name of the device the item belongs to, key=timestamp, value=creation date/time in server display format; for componentType DeviceAdapter: key=adapterType, value=type of the device adapter, key=parent, value=parent or owner used for organizing certain types of adapters, key=vendorName, value=name of the vendor that owns a device type; for componentType DynamicField: key=type, value=base class name of the component associated with the dynamic field; for componentType Group, ComboGroup: key=realmName, value=name of the realm the group belongs to; for componentType Model: key=vendorGuid, value=the vendor GUID; for componentType OsImage: key=filename, value=name of the file(s) making up the image; for componentType SecurityVulnerability: key=vendorGuid, value=the vendor GUID 
    } 
}

{ 
    availableCustomRights: [ 
      Full set of rights applicable to a component's ACL 

       string 
    ] 

     components: [ 
      The components whose access control list the user is allowed to edit; components can be groups, rule sets, or templates 

       ComponentId
    ] 

     defaultCustomRights: [ 
      For each role the user is allowed to edit, which of the availableCustomRights are granted by that role 

       PerRoleRightsDTO
    ] 

     grantedCustomRights: [ 
      Of the availableCustomRights, the rights the user is granted, and thus the rights the user is allowed to modify (grant or revoke) in the components 

       string 
    ] 
}

{ 
    id: string 
    The database key of the dynamic field whose value this is (read-only) 

     name: string 
    The name of the dynamic field (read-only) 

     values: [ 
      The value(s) for the dynamic field; for a single-value field, only the first entry is relevant; read-only for Auto Derived and Configuration Profiled types 

       string 
    ] 

     dynamicFieldDetailsLink: string 
    Link to get more detailed information about the dynamic field (read-only) 
}

[ 
    A list of JSON Patch operations 

     JsonPatch.OneOperation
  ]

{ 
}

string 
  Pointer or path to an element or property

{ 
    op: string * 
   Enum: [
     "add"
   ]
    value: any * 
    path: JsonPatch.Pointer*
}

{ 
    op: string * 
   Enum: [
     "remove"
   ]
    path: JsonPatch.Pointer*
}

{ 
    op: string * 
   Enum: [
     "replace"
   ]
    value: any * 
    path: JsonPatch.Pointer*
}

{ 
    op: string * 
   Enum: [
     "move"
   ]
    path: JsonPatch.Pointer*
    from: JsonPatch.Pointer*
}

{ 
    op: string * 
   Enum: [
     "copy"
   ]
    path: JsonPatch.Pointer*
    from: JsonPatch.Pointer*
}

{ 
    op: string * 
   Enum: [
     "test"
   ]
    value: any * 
    path: JsonPatch.Pointer*
}

{ 
    role: ComponentId
    A role that can used for editing an ACL 

     rights: [ 
      The rights granted by the role; in case of groups, these are network rights for the realm that the group belongs to 

       string 
    ] 
}

{ 
    id: string 
    The rule set's unique database key (read-only) 

     name: string * 
    The rule set's unique display name 

     acl: [ 
      How users can manipulate this rule set, for the accessible roles, containing rule set rights; applicable only when rule set ACLs are enabled in the system parameters; ignored on input if rule set ACLs are disabled; if there are multiple entries for the same role, the rights are combined together; during an update, a null value reverts the custom rights of accessible roles back to default rights 

       AclDTO
    ] 

     assignedGroupFilters: { 
      The names of any groups whose member devices are to be checked against the rules in this rule set; map key is the name of the group (asterisk wildcards allowed); map value is a list of ComponentId containing the realm(s) that own the groups of interest (where a null value means all realms); null when the rule set applies to the entire network 
    } 

     assignedSpanIds: [ 
      The network spans whose member devices are to be checked against the rules in this rule set; null when the rule set applies to the entire network 

       ComponentId
    ] 

     assignedSpans: string 
    String version of the assignedSpanIds and assignedGroupFilters fields, listing the names of the assigned network spans (read-only) 

     assignedToEntireNetworkFlag: boolean 
    Whether or not the rules in this rule set are to be applied to all devices in the system 

     canCopyFlag: boolean 
    Whether or not the user is allowed to copy this rule set (read-only) 

     canDeleteFlag: boolean 
    Whether or not the user is allowed to delete this rule set (read-only) 

     canDisableFlag: boolean 
    Whether or not the user is allowed to disable this rule set (read-only) 

     canEditFlag: boolean 
    Whether or not the user is allowed to edit this rule set (read-only) 

     canEnableFlag: boolean 
    Whether or not the user is allowed to enable this rule set (read-only) 

     enabledFlag: boolean 
    Whether or not the rule set is enabled 

     excludedGroupFilters: { 
      The names of any groups whose member devices are excluded from being checked against all of the rules in this rule set; map key is the name of the group (asterisk wildcards allowed); map value is a list of ComponentId containing the realm(s) that own the groups of interest (where a null value means all realms) 
    } 

     excludedSpanIds: [ 
      Any network spans whose member devices are excluded from being checked against all of the rules in this rule set 

       ComponentId
    ] 

     excludedSpans: string 
    String version of the excludedSpanIds and excludedGroupFilters fields, listing the names of the excluded network spans (read-only) 

     dynamicFields: [ 
      The dynamic fields 

       DynamicFieldValueDTO
    ] 
}