Use object security to control access to specific objects in the Optim™ directory, using an access control list (ACL). Any Optim object can be secured by associating it with an ACL. An ACL lists roles and grants or denies privileges for each role to read, update, delete, or execute (where appropriate) the object and the ACL.
For example, you might define an ACL to allow members of a role to read and execute, but not edit, a specific archive request. You can also configure your Optim solution to secure objects automatically so that a default ACL (which can be edited) is defined when the object is saved to the directory.
The roles in an ACL are defined in an access control definition (ACD) associated with the ACL. If functional security is enabled, a member of a role that is granted an object association privilege in an ACD for an object type such as, Associate Access Definition privilege, can use the ACD to define roles in an ACL for that object type. Object association privileges are not required to use object security; however, these privileges must be defined to secure objects if both functional and object security are enabled.
Once an object is associated with an ACL it is considered to be “secured,” although object security must be enabled for the security defined in the ACL to be effective. ACDs and file access definitions are automatically associated with an ACL, whether or not object security is enabled using the Configuration program.