<?xml version="1.0"?>
<SECURITY>
<HTTP TRACE="ON" />
<USER NAME="God" PASS="godpassword" READ="TRUE" WRITE="TRUE" BROWSE="TRUE" EXECUTE="TRUE" />
<!--This is the setting for the user-->
<USER NAME="Guest" PASS="" READ="TRUE" BROWSE="TRUE"/>
<!--The guest user-->
<USER NAME="Tim" PASS="Tom" READ="TRUE" EXECUTE="TRUE" BROWSE="TRUE"/>
<!--Another user-->
<ITEM FILE="file1" READ="TRUE" WRITE="FALSE" EXECUTE="FALSE">
<!--Define a file and its permissions-->
<USER NAME="Jim" PASS="Morrison" READ="TRUE" WRITE="FALSE" EXECUTE="FALSE" />
<!--Define the user permissions for the file-->
<USER NAME="Bob" PASS="Marley" READ="TRUE" WRITE="FALSE" EXECUTE="TRUE" />
<!--Another user permissions for the file-->
</ITEM>
<--End of the file block-->
</SECURITY>
Il motore prima controlla se l'utente ha i permessi definiti nel file:
<ITEM FILE="file1" READ="TRUE" WRITE="FALSE" EXECUTE="FALSE">
<USER NAME="Guest" PASS="" READ="TRUE" BROWSE="TRUE"/>
Se il file security non è disponibile per la cartella, un file di default presente nella cartella system verrà utilizzato.