Global Variable

kSecAttrAccessGroup

A key whose value is a string indicating the access group an item is in.

Declaration

const CFStringRef kSecAttrAccessGroup;

Discussion

The corresponding value is of type CFStringRef and indicates the item’s one and only access group.

For an app to access a keychain item, one of the groups to which the app belongs must be the item’s group. The list of an app’s access groups consists of the following string identifiers, in this order:

Two or more apps that are in the same access group can share keychain items. For more details, see Sharing Access to Keychain Items Among a Collection of Apps.

Specify which access group a keychain item belongs to when you create it by setting the kSecAttrAccessGroup attribute in the query you send to the SecItemAdd method. Naming a group that’s not among the creating app’s access groups—including the empty string, which is always an invalid group—generates an error. If you don’t explicitly set a group, keychain services defaults to the app’s first access group, which is either the first keychain access group, or the app ID when the app has no keychain groups. In the latter case, the item is only accessible to the app creating the item, since no other app can be in that group.

By default, the SecItemUpdate, SecItemDelete, and SecItemCopyMatching methods search all the app’s access groups. Add the kSecAttrAccessGroup attribute to the query to limit the search to a particular group.

See Also

General Item Attribute Keys

kSecAttrAccess

A key whose value in an access instance indicating access control list settings for this item.

kSecAttrAccessControl

A key whose value in an access control instance indicating access control settings for the item.

kSecAttrAccessible

A key whose value indicates when a keychain item is accessible.

kSecAttrSynchronizable

A key whose value is a string indicating whether the item is synchronized through iCloud.

kSecAttrCreationDate

A key whose value indicates the item's creation date.

kSecAttrModificationDate

A key whose value indicates the item's last modification date.

kSecAttrDescription

A key whose value is a string indicating the item's description.

kSecAttrComment

A key whose value is a string indicating a comment associated with the item.

kSecAttrCreator

A key whose value indicates the item's creator.

kSecAttrType

A key whose value indicates the item's type.

kSecAttrLabel

A key whose value is a string indicating the item's label.

kSecAttrIsInvisible

A key whose value is a Boolean indicating the item's visibility.

kSecAttrIsNegative

A key whose value is a Boolean indicating whether the item has a valid password.

kSecAttrSyncViewHint

A key whose value is a string that provides a sync view hint.