An Access Control List (ACL) governs the ability of a role to perform actions (such as read, update, or delete) on both an object and the associated ACL. Each Access Control Domain, File Access Definition, and secured Optim™ object has an ACL.
When you secure an object, access to any associated Local objects is governed by the ACL for the parent object. Local objects are not secured individually; they are secured with the object in which they are embedded.
Use the Access Control List Editor to set access permissions for an object and the associated ACL. In general, an ACL is based upon a specific ACD, which defines the roles referenced by the ACL. Roles that are not in the ACD or not included in the ACL are denied all access to the object and ACL. However, the owner of the ACL always retains full access to the ACL, regardless of permissions granted or denied by the ACL.
In order to create an ACL when Functional Security is enabled, a user must be a member of a role to which the ACD grants Object Association Privileges for the object type. Object Association Privileges are defined on the Object Association Privileges tab in the Role Specifications dialog. Use the tab to identify object types that the role can use with the ACD. For more information about defining Object Association Privileges, see Object Association Privileges Tab.
The ACL for a security definition (ACD or FAD) is created automatically at the time the definition is saved. ACLs for other objects may be created automatically, at the time the object is created and saved, or manually. Automatically created ACLs can be edited at any time by an authorized user.
The initial ACL for a security definition references an Optim Administrator role for the owner and grants full access to the ACL for that role. The initial ACL for other objects is modeled after the Optim Object Template ACL, if one was created at the time Optim Security was configured for your installation. If the Optim Object Template ACL does not exist or the owner of the object is not granted object association privilege for the ACD that forms the basis for the Template ACL, the owner (creator) of the object is prompted to define the required ACL.
You can create an ACL manually by selecting the menu option in the object editor or the shortcut menu in the Open dialog to display the Access Control List Editor. You can also use these options to edit an ACL. Settings in the Optim Object Template ACL, if the Template ACL exists, are used to populate the Access Control List Editor. If there is no Optim Object Template ACL, the editor is blank.
You cannot delete the ACL for an object for which security is required. To delete an ACL, you must be the ACL owner or in a role that is allowed Delete permission for the ACL. To remove the ACL for an object, select the menu option in an object editor, or right-click the object name in the Open dialog and select Delete ACL from the shortcut menu. You can also click Delete on the Access Control List Editor.
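The access rules stated above (roles outside the ACD or the ACL are denied, the owner always keeps access to the ACL) and the deletion rules in the last paragraph can be expressed as a small decision model. This is an added illustration, not Optim code or an Optim API: the class, the function names, the action strings, and the sample users and roles are all hypothetical. It assumes the owner is identified by a user ID and models only granted permissions, not explicit deny entries.

```python
from dataclasses import dataclass, field

@dataclass
class ACL:
    owner: str                       # assumption: owner identified by a user ID
    acd_roles: frozenset             # roles defined by the ACD the ACL is based on
    object_perms: dict = field(default_factory=dict)  # role -> actions allowed on the object
    acl_perms: dict = field(default_factory=dict)     # role -> actions allowed on the ACL itself
    security_required: bool = False  # True: the object must keep its ACL

def _granted(acl, table, roles, action):
    # A role counts only if the ACD defines it AND the ACL lists it;
    # every other role is denied all access.
    return any(r in acl.acd_roles and action in table.get(r, ()) for r in roles)

def can_access_object(acl, user, roles, action):
    # The page guarantees the owner access to the ACL only, so no owner
    # shortcut is modeled for the object itself.
    return _granted(acl, acl.object_perms, roles, action)

def can_access_acl(acl, user, roles, action):
    if user == acl.owner:            # owner always retains full access to the ACL
        return True
    return _granted(acl, acl.acl_perms, roles, action)

def can_delete_acl(acl, user, roles):
    if acl.security_required:        # ACL cannot be deleted when security is required
        return False
    return can_access_acl(acl, user, roles, "delete")

# Constructed sample: "contractor" is listed in the ACL but is not an ACD role.
SAMPLE = ACL(
    owner="alice",
    acd_roles=frozenset({"dba", "auditor"}),
    object_perms={"dba": {"read", "update", "delete"},
                  "auditor": {"read"}, "contractor": {"read"}},
    acl_perms={"dba": {"read", "update"}},
)

if __name__ == "__main__":
    print(can_access_object(SAMPLE, "bob", {"auditor"}, "read"))
    print(can_access_object(SAMPLE, "eve", {"contractor"}, "read"))
    print(can_access_acl(SAMPLE, "alice", set(), "update"))
    print(can_delete_acl(SAMPLE, "carol", {"dba"}))
```

The model keeps permissions on the object and permissions on the ACL in separate tables, which is why a role such as the sample "dba" can update the object and the ACL yet still be unable to delete the ACL.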