Access control domains list

The Access Control Domains dialog lists all access control domains (ACDs) in the Optim™ directory. You must use this dialog to open the Access Control Domain Editor needed to create a new ACD or edit an existing ACD.

From the Access Control Domains dialog, you can also list any file access definitions (FADs) and access control lists (ACLs) that are based upon a listed ACD, which can be useful when maintaining ACDs. The list might help you to select an ACD to serve as the basis for a new FAD or ACL or to analyze the potential downstream effect of a change to the ACD. Also, from the list, you can display an FAD or ACL to determine whether it references a role that should be included in the ACD.

Each Optim directory for which security is initialized contains an ACD named (Default), which is the default ACD for secured objects in the directory. (Default) also determines the roles that can create and modify additional ACDs.

Permissions needed to create an ACD

To create an ACD, a user account must be a member of a role allowed the Create Access Control Domain privilege in the (Default) ACD. If functional security is not enabled, the user account must be a member of a role with update access to the ACL for the (Default) ACD.

Open Dialog

In the main window, select Options > Security > Access Control Domains to open the Access Control Domains dialog.

Access Control Domains dialog

The Access Control Domains dialog lists the ACDs in a read-only grid.

Domain

The ACD name.

Modified By

The identifier for the user account used to create or last modify the entry.

Modified Date

The date and time the ACD was created or last modified.

Description

Optional text that describes the ACD.

To open the Access Control Domain Editor and create a new ACD, click the New ACD toolbar button, select New ACD from the Tools menu, or use the shortcut menu. You can also use the shortcut menu to delete an ACD, list FADs and ACLs that are based upon the ACD, or open the ACL for the ACD.

Shortcut menu commands

Although similar to the Open dialog, the Access Control Domains dialog provides the following specialized shortcut menu commands. Access permissions in the ACL for the ACD determine the options and actions that are available to you. For example, the Delete shortcut menu option is not available to roles limited to read access.

New ACD
Open the Access Control Domain Editor to create a new ACD.
Open
Open the Access Control Domain Editor to view or edit the selected ACD.
Delete
Delete the selected ACD from the Optim directory. (Not available for the (Default) ACD.) When you delete an ACD, the (Default) ACD becomes the basis for any FADs or ACLs based upon the ACD. Roles that do not exist in the (Default) ACD are denied access.
List Object ACLs
Open the Open Object Access Control List dialog, which lists the ACLs based upon the selected ACD.

This option is available only if the ACD is the basis for one or more ACLs. (Not available for the (Default) ACD.)
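The Delete rule above can be checked before an ACD is removed. The following sketch is an added example, not Optim code or an Optim export format. It models the rule on a constructed inventory and reports which roles would be denied access once the FADs and ACLs fall back to (Default). The data layout, role names, object names, matching of roles by name, and the deletion_impact function are all assumptions made for illustration.

```python
# Added illustration: models the ACD deletion rule on a constructed inventory.
# The data layout is an assumption, not an Optim export format.
DEFAULT = "(Default)"

# Constructed sample: roles defined in each ACD.
ACD_ROLES = {
    DEFAULT: {"Optim Administrator", "Auditor"},
    "FINANCE": {"Optim Administrator", "Finance Analyst", "Finance Admin"},
}

# Constructed sample: secured objects (ACLs and FADs), the ACD each one is
# based upon, and the access granted to each role.
OBJECTS = [
    {"name": "PAYROLL.EXTRACT", "kind": "ACL", "acd": "FINANCE",
     "grants": {"Finance Analyst": "read", "Finance Admin": "update"}},
    {"name": "LEDGER.FAD", "kind": "FAD", "acd": "FINANCE",
     "grants": {"Optim Administrator": "update", "Finance Analyst": "read"}},
    {"name": "HR.ARCHIVE", "kind": "ACL", "acd": DEFAULT,
     "grants": {"Auditor": "read"}},
]


def deletion_impact(acd, acd_roles, objects):
    """Return, per object based on `acd`, the roles denied after deletion."""
    if acd == DEFAULT:
        raise ValueError("the (Default) ACD cannot be deleted")
    if acd not in acd_roles:
        raise KeyError(f"unknown ACD: {acd}")
    surviving = acd_roles[DEFAULT]  # after deletion, (Default) is the basis
    report = []
    for obj in objects:
        if obj["acd"] != acd:
            continue  # objects based on other ACDs are unaffected
        denied = sorted(r for r in obj["grants"] if r not in surviving)
        kept = sorted(r for r in obj["grants"] if r in surviving)
        report.append({
            "name": obj["name"], "kind": obj["kind"],
            "denied": denied, "kept": kept,
            "orphaned": not kept,  # no role in the list retains access
        })
    return report


if __name__ == "__main__":
    for row in deletion_impact("FINANCE", ACD_ROLES, OBJECTS):
        flag = "  <-- no remaining role" if row["orphaned"] else ""
        print(f'{row["kind"]} {row["name"]}: denied={row["denied"]}{flag}')
```

An object flagged as orphaned has no role left that exists in (Default), so its roles should be added to (Default) or the object rebased before the ACD is deleted.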

View or edit ACD

To view or edit an ACD in the Access Control Domain Editor, double-click the grid row or select Open from the shortcut menu.

Note: Until network accounts are added to the Optim administrator role or new roles are created in the (Default) ACD and granted Update access in the ACL, only the Security Administrator for the Optim directory can edit (Default).

Create ACD

To create an ACD, a user must be a member of a role in the (Default) ACD, and:

Open Object Access Control List

Use the Open Object Access Control List dialog to list and display the ACLs associated with an ACD. Open this dialog by selecting List Object ACLs from the shortcut menu on the Access Control Domains dialog. This option is not available for the (Default) ACD.

Open Object Access Control List dialog

