The choices that the system administrator makes during
item type configuration, including which access control list (ACL)
is selected for an item type, determine how an ACL is assigned to
items in that item type. When you are working with ACLs, you should
understand how the item type configuration choices affect ACL assignment
and how the ACL is assigned to an item.
When an item is moved to another item type, an action
that is also known as reindexing, the ACL that is assigned to the
item is determined by a series of actions, as shown in the following
flowchart.
Important: Only items, resource items, and document
items can be moved from one item type to another. Document part items
cannot be moved from one item type to another.
Figure 1. ACL
assignment when an item, resource, or document is moved from one item
type to another
The following steps explain the ACL assignment when an
item, resource item, or document item is moved or reindexed.
- Is the ACL control mode for the target item type set to server,
meaning that the Allow ACL control by application option
is not selected? If no, go to Step 2. If yes, go to Step 5.
- The ACL control mode for the target item is set to application
with the Allow ACL control by application option
selected. Go to Step 3.
- Is the ACL provided by the user? If yes, go to Step 4. If no,
go to Step 6.
- The reindexed item gets the user-assigned ACL. The assignment
flow ends.
- All user-input ACLs are ignored. Go to Step 6.
- Is the Inherit parent folder ACL if a parent folder
is assigned option selected on the item type? If yes,
go to Step 7. If no, go to Step 8.
- Is a parent folder assigned? If no, go to Step 8. If yes, go to
Step 10.
- Is the target item type configuration option for the default ACL
for a reindexed item set to the ACL from the source item, meaning
that the Keep the ACL of the item option is
selected? If no, go to Step 9. If yes, go to Step 11.
- The target item type for the default ACL for a reindexed item
is set to use the default ACL setting of the target item type. Go
to Step 12.
- The reindexed item gets the ACL of the parent folder. The assignment
flow ends.
- The reindexed item gets the ACL of the source item. The assignment
flow ends.
- For the Check ACL at this binding level area,
is the default ACL binding level set to Item type level?
If yes, go to Step 13. If no, go to Step 14.
- The item gets the ACL from the active view, also known as the
item type subset, from the client application. The assignment flow
ends.
- For the Check ACL at this binding level area,
the default ACL binding level is set to Item level.
Go to Step 15.
- For the For item level ACL checking, assign ACL from area,
is the default ACL choice on the target item type set to The
ACL of this item type? If yes, go to Step 16. If no, go
to Step 17.
- The ACL assignment follows the same rules as the binding level
of the item type. The item gets the ACL from the ACL of the item type.
The assignment flow ends.
- For the For item level ACL checking, assign ACL from area,
the default ACL choice on the target item type is set to The
default ACL of the user. Go to Step 18.
- The item gets the ACL from the user profile ACL. This ACL is obtained
from the user definition of the user who is creating the item. The
assignment flow ends.