IBM Content Manager, Version 8.5.0.3      Supports:  IBM Content Navigator     

ACL assignment when an item is moved

The choices that the system administrator makes during item type configuration, including which access control list (ACL) is selected for an item type, determine how an ACL is assigned to items in that item type. When you are working with ACLs, you should understand how the item type configuration choices affect ACL assignment and how the ACL is assigned to an item.

When an item is moved to another item type, an action that is also known as reindexing, the ACL that is assigned to the item is determined by a series of actions, as shown in the following flowchart.
Important: Only items, resource items, and document items can be moved from one item type to another. Document part items cannot be moved from one item type to another.
Figure 1. ACL assignment when an item, resource, or document is moved from one item type to another
ACL assignment when an item, resource, or document is moved from one item type to another
The following steps explain the ACL assignment when an item, resource item, or document item is moved or reindexed.
  1. Is the ACL control mode for the target item type set to server, meaning that the Allow ACL control by application option is not selected? If no, go to Step 2. If yes, go to Step 5.
  2. The ACL control mode for the target item is set to application with the Allow ACL control by application option selected. Go to Step 3.
  3. Is the ACL provided by the user? If yes, go to Step 4. If no, go to Step 6.
  4. The reindexed item gets the user-assigned ACL. The assignment flow ends.
  5. All user-input ACLs are ignored. Go to Step 6.
  6. Is the Inherit parent folder ACL if a parent folder is assigned option selected on the item type? If yes, go to Step 7. If no, go to Step 8.
  7. Is a parent folder assigned? If no, go to Step 8. If yes, go to Step 10.
  8. Is the target item type configuration option for the default ACL for a reindexed item set to the ACL from the source item, meaning that the Keep the ACL of the item option is selected? If no, go to Step 9. If yes, go to Step 11.
  9. The target item type for the default ACL for a reindexed item is set to use the default ACL setting of the target item type. Go to Step 12.
  10. The reindexed item gets the ACL of the parent folder. The assignment flow ends.
  11. The reindexed item gets the ACL of the source item. The assignment flow ends.
  12. For the Check ACL at this binding level area, is the default ACL binding level set to Item type level? If yes, go to Step 13. If no, go to Step 14.
  13. The item gets the ACL from the active view, also known as the item type subset, from the client application. The assignment flow ends.
  14. For the Check ACL at this binding level area, the default ACL binding level is set to Item level. Go to Step 15.
  15. For the For item level ACL checking, assign ACL from area, is the default ACL choice on the target item type set to The ACL of this item type? If yes, go to Step 16. If no, go to Step 17.
  16. The ACL assignment follows the same rules as the binding level of the item type. The item gets the ACL from the ACL of the item type. The assignment flow ends.
  17. For the For item level ACL checking, assign ACL from area, the default ACL choice on the target item type is set to The default ACL of the user. Go to Step 18.
  18. The item gets the ACL from the user profile ACL. This ACL is obtained from the user definition of the user who is creating the item. The assignment flow ends.
Parent topic: Creating access control lists

Last updated: June 2015
mua20011.htm

© Copyright IBM Corporation 2015.