Access Control List Editor

Use the Access Control List Editor to define access permissions for an object and the associated ACL.

Note: Access permissions in the ACL determine the options and actions that are available to you. For example, the Remove shortcut menu options are not available to roles limited to read access.

Description

Enter text that describes the ACL (up to 40 characters).

Owner

The user account with all access rights to the ACL. The owner can always read, update, or delete the ACL even if the account is included in a role that is denied access to these actions. To change the owner, click Change Owner.

Note: The Security Administrator is the owner of the (Default) ACL and Optim™ Object Template ACL.

Access Control Domain

The ACD that forms the basis for the roles in the ACL. An ACL references roles in the ACD in order to translate them into network accounts. Roles not defined in the ACD, or in the ACD but not referenced in the ACL, are denied access.

Object Type

The type of object secured by the ACL.

ACL Grid

The grid allows you to list roles in the ACL and define permissions.

Role
Enter a role name or select from the drop-down list of roles in the ACD. Role names not included in the ACD are italicized.
Notes:
  • If the ACD does not include any roles, the Role list is not available.
  • A role that is not defined in the ACD is denied all access.
  • A user or group account that is not included in a listed role is denied all access.
  • The most restrictive permission applies to a user or group account that is included in multiple roles in the ACL.
Access Type
The Allow and Deny labels identify the check boxes in their respective rows. If both the Allow and Deny check boxes are cleared, accounts in the role are provisionally denied the privilege but may be granted the privilege as members of another role.
Object Access
Possible access to the object. Use each set of Allow and Deny check boxes to define access permissions for the role.
Read
Controls the ability to open or view an object. If access is denied, a warning popup indicates the object is restricted by security.

A role must have Read access, in addition to Update access, to the object in order to update the object.

Update
Controls the ability to save an object. If access is denied, the Save command will not be available from the object editor.
Note: Roles denied update access can use the Save As command to rename an object.
Delete
Controls the ability to delete an object. If access is denied, the Delete command is not available from the object editor and the Open dialog.
Execute
Controls the ability to run a process. This option is available only for objects created with editors listed in the Actions menu. If access is denied, the Run command is not available from the Request Editor and the Execute command is not available from the Table Editor.
ACL Access
Possible access to the ACL. Use each set of Allow and Deny check boxes to define access permissions for the role. If both the Allow and Deny check boxes are cleared, accounts in the role are provisionally denied the privilege but may be granted the privilege as members of another role.
Read
Controls the ability to view the ACL. A role must have Read access, in addition to Update access, to the ACL in order to update the ACL.
Update
Controls the ability to modify the ACL.
Delete
Controls the ability to delete the ACL. Not available for ACDs or File Access Definitions or for Optim objects that are secured automatically when saved.
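
The evaluation rules described for the ACL Grid and the Owner field can be modeled as follows. This is an added illustration, not product code: the data layout, the function names, and the sample accounts are hypothetical, and the Read-plus-Update requirement is assumed to be checked against the account's effective permissions.

```python
# Added illustration of the evaluation rules above; not product code.
# ACD, ACL, can() and the sample accounts are hypothetical names.
ALLOW, DENY = "allow", "deny"

# Constructed ACD: role -> network accounts the role translates to.
ACD = {
    "Developers": {"CORP\\alice", "CORP\\bob"},
    "Auditors": {"CORP\\bob", "CORP\\carol"},
}

# Constructed ACL: a cleared pair of check boxes is simply absent.
ACL = {
    "owner": "CORP\\bob",
    "roles": {
        "Developers": {"object": {"read": ALLOW, "update": ALLOW, "execute": ALLOW},
                       "acl": {"read": ALLOW}},
        "Auditors": {"object": {"read": ALLOW, "update": DENY},
                     "acl": {"read": ALLOW, "update": DENY}},
        "Contractors": {"object": {"read": ALLOW}, "acl": {}},  # role not in the ACD
    },
}

def _effective(account, scope, action, acl, acd):
    # Only roles that are listed in the ACL and defined in the ACD count.
    marks = [perms[scope].get(action)
             for role, perms in acl["roles"].items()
             if account in acd.get(role, set())]
    if DENY in marks:        # most restrictive permission wins
        return False
    return ALLOW in marks    # cleared everywhere, or member of no role: denied

def can(account, scope, action, acl=ACL, acd=ACD):
    """scope is 'object' or 'acl'; action is read, update, delete or execute."""
    if scope == "acl" and account == acl["owner"] and action in ("read", "update", "delete"):
        return True          # the owner always keeps these rights on the ACL
    if not _effective(account, scope, action, acl, acd):
        return False
    # Update also requires Read (assumption: checked on effective permissions).
    return action != "update" or _effective(account, scope, "read", acl, acd)

if __name__ == "__main__":
    for who in ("CORP\\alice", "CORP\\bob", "CORP\\carol", "CORP\\erin"):
        print(who, {a: can(who, "object", a) for a in ("read", "update", "execute")})
```

In the sample data, the account in both roles loses Update on the object because one role denies it, keeps Execute because the other role's check boxes are merely cleared, and can still update the ACL itself because it is the owner.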

Shortcut Menu Commands

Right-click the grid to display the following shortcut menu commands:

Remove
Remove the selected role from the ACL.
Remove All
Remove all roles from the ACL.
Allow All
Allow all Object Access, ACL Access, or both to the role.
Deny All
Deny all Object Access, ACL Access, or both to the role.
Clear All Allowed
For the role, clear all Allow check boxes for Object Access, ACL Access, or both.
Clear All Denied
For the role, clear all Deny check boxes for Object Access, ACL Access, or both.

Right-click the grid column for an action to display the following shortcut menu commands:

Allow All action Access
Allow access to all roles for the selected action.
Clear All action Access
Clear all Allow and Deny check boxes for all roles for the selected action.
Deny All action Access
Deny access to all roles for the selected action.

Command Buttons

The following command buttons are available on the Access Control List Editor:

Change Owner
Open the Security Users dialog to assign ACL ownership to another user account. Available to user accounts permitted to update the ACL who are also the ACL owner or the Security Administrator for the Optim Directory. For more information about this dialog, see Security Users.
Note: Change Owner is not available for the (Default) ACL and the Optim Object Template ACL.
Model After
Open the Select Access Control List Model dialog to model the ACL after another ACL. Available to roles permitted to update the ACL. For more information about this dialog, see Select Access Control List Model.

Security Users

Click Change Owner to open the Security Users dialog, used to reassign ACL ownership. Use this dialog to select a user account from a list of accounts in a specified network domain.

To display the list, select an Optim Server Name and a Domain. To select a network user account, click the name in the Users grid, and click Select.


Server Name

Select the name of a Server. If your site does not use a Server, (Local) is displayed.

Domain

Select the name of the domain for the users you want to list. The domain is within a network that includes the server in Server Name.

Note: If a UNIX server is selected, the node name is displayed in Domain and in the Users grid.

Users

A list of user accounts by Name, with Domain and a Description.

Select Access Control List Model

To model an ACL after the ACL for another security definition or Optim object, click Model After to open the Select Access Control List Model dialog.


To select an ACL as a model, enter the object type and name. To apply the ACL for the selected object as a model, click OK. The roles and permissions from the model are then displayed in the Access Control List Editor.

Object Name

Name of the object with the model ACL.

Object Type

Type of object with the model ACL.

Use As Model

Select an ACL to use as a model, using the following:

Optim Object Template ACL
Option to use the Optim Object Template ACL as the model.
Existing Access Control List
Option to use an existing ACL, identified by the Type and Name entries, as the model.
Type
Select the object type associated with the model ACL.
Name
Type or select the object name associated with the model ACL.

You can also use the Name browse button to open the Select an Access Control List dialog, used to select a model ACL from a list of objects. If you select an ACL using the Select an Access Control List dialog, the Type and Name for the selected ACL will be displayed automatically.

To populate Type and Name with the current entries each time you open the Select Access Control List Model dialog, click Set as Default.

Select an Access Control List

Use the Select an Access Control List dialog to select a model ACL from a list of objects. The Identifier area displays the object types to list in the dialog.


After you select an Identifier, the associated ACLs are listed. Double-click the desired ACL to select it as a model.

Note: An ACL is identified by the name of its associated object.

Enter Pattern for Access Control List allows you to limit the ACL list to names that match the specified criteria. You can use the % (percent) wild card to represent one or more characters, or use the _ (underscore) wild card to represent a single character. (The underscore must be selected as the SQL LIKE character on the General tab of Personal Options.) After you specify a Pattern, click Refresh to display the list again based on your criteria.


