You may want to have permissions on things such as variables that shouldn't be changed, or applications and APIs that you don't want to execute inadvertently.

In the example httapi.conf.xml configuration file, within the permissions tag you'll find many different permissions that you can enable, with even more fine-grained ACL-style control over certain aspects of some of them.

One thing to note is that any of the ACL-like control lists we'll see below can be skipped by simply closing the <permission> tag without including the list. This will default to allow all as if you had created the list with default="allow". The following two examples will work exactly the same way.

Example one:

<permission name="set-vars" value="true"/> 

Example two:

<permission name="set-vars" value="true"> 
  <variable-list default="allow"> 
  </variable-list> 
</permission>