The various Include and Exclude statements can be used in the platform configuration file to determine which users are authenticated through Platform Services and which users are authenticated locally, and which users and groups are managed based on provisioning events and which users and groups are managed locally.
These statements allow the use of masking characters to specify a mask that can match more than one user ID or group.
For details about each Include and Exclude statement, see the corresponding statement description.
Certain special users and groups are always processed locally unless you specify the IGNORESTANDARDEXCLUDES statement. For more information about this statement, see IGNORESTANDARDEXCLUDES Statement. For a list of the users and groups in the standard exclude list, see Section 8.10, Standard Exclude List.
You can use masks to match more than one user ID or group in Include and Exclude statements. The following tables list mask characters and provide examples of masks.
Table 10-3 Mask Characters
The order in which INCLUDE and EXCLUDE statements are specified does not matter.
If more than one mask matches a given user ID or group, the most specific mask is used.
The mask is case-insensitive.
Specifying the same mask on both an INCLUDE and an EXCLUDE statement is a syntax error.
Unless EXCLUDE * is coded, INCLUDE * is assumed for each statement type. Certain special users and groups are excluded unless the IGNORESTANDARDEXCLUDES statement is specified. For details, see IGNORESTANDARDEXCLUDES Statement.
Do not code both an INCLUDE * statement and an EXCLUDE * statement of the same type.