Lua Library Permissions

When Core > Lua Security Options > Lua Security Mode is set to restrictive, the Strict Security Options section becomes available, allowing to configure permissions for Lua libraries required by Lua scripts.

Lua Library Permissions in the Property Panel

As for running Lua scripts, the following options also exist for including Lua libraries:

  • Permissive - all libraries can be included without any restrictions

  • Restrictive - all libraries to be included in Lua scripts need to be listed and enabled in the Lua Require Permissions table.

  • Inherit - Lua Library Permissions are inherited from the parent Core (only applies to Local Cores)

If the Lua Library Mode is set to restrictive, by default Lua scripts can not include ('require') any Lua libraries. To be included, Libraries need to be explicitly allowed to be required by Lua scripts. Which libraries can be included is defined by a number of rules hosted by the Lua Library Permissions table property.

Libraries are identified by the combination of their name (Library Name), the object hosting the Script Library (Script Library Object) and the Security Subject. Empty values in a column behave like a wildcard. So that any value results in a good match for this criteria.

When a script requires a library, the system tries to match this library against the rules in this table, from top to bottom. The first rule which matches the library is applied - all subsequent rules are ignored.

The context menu provides a number of means to rearrange the order of the rules or set specific values like <null> and built-in. Rules can also be disabled there.

Table 1. The Columns of the Lua Library Permissions Table
Column Function

Allow Library

if selected, the specified library can be required by Lua scripts; otherwise including this library is prohibited

Script Library Object

the path to the object hosting the Script Library; use 'built-in' for all built-in libraries; '' or <null> for all built-in and user-defined script libraries

Library Name

the name of the library; '' or <null> for all library names

Security Subject

the Security Context defined by a Script Profile, a Profile, a Security Perimeter, or a Core object, 'built-in' for all built-in libraries. If set to '' or <null>, the selection is not limited by any Security Subject.

Comment

add a note regarding the purpose of this rule

Lua Security Mode Restrictive also applies to libraries. If a library wants to access objects, the object hosting the library needs to be granted access rights by referencing a Security Context. See Lua Security for more information.