IBM Content Manager, Version 8.5.0.3 | Supports: IBM Content Navigator

Creating access control lists

An access control list (ACL) protects access to objects in your system by ensuring that only authorized users can access certain functions and stored objects.

An access control list consists of a set of ACL rules. An ACL rule is the combination of one user ID or one user group and one privilege set. Beginning in Version 8.6, you can create more than one ACL rule for a user or user group in an ACL.

Restriction: If you enable administrative domains, you must belong to the SuperDomain to define access control lists or privilege sets. The SuperDomain is where you can manage system objects for all domains. If you do not belong to the SuperDomain, you can define access control lists or privilege sets if you assign the privilege to create access control lists or privilege sets to a domain. Access control lists and privilege sets can be associated with multiple domains, but they cannot be managed by users in any subdomains.

Requirement: When you create an ACL, you must have one or more privilege sets defined.

To create an access control list:

  1. Expand Authorization in the navigation pane.
  2. Right-click Access Control Lists and click New.
  3. In the Name field of the new Access Control List window, type a unique and descriptive name.
  4. Optional: Type a description to help you identify the access control list.
  5. If administrative domains are enabled, select the target domain.
  6. Optional: In the Scope ID field, type an integer value that represents a category, such as a group of users, as defined by a client application. The values for this field are defined and used by client applications and are not used by IBM® Content Manager. If you leave this field blank, the client application receives -1 as the value.
  7. Optional: In the Application field, type a string, up to 128 characters, that represents a client application name as defined by that client application. The values for this field are defined and used by client applications and are not used by IBM Content Manager. If you leave this field blank, the client application receives an empty string as the value.
  8. To include a user ID or group in the access control list:
    1. To search by name, type a user or group name in the Find groups/users list and click the Name radio button. To search by description, type a user or group description and click the Description radio button.
    2. You can search for users, groups, or both by selecting the Users, Groups, or Both radio button. You do not need to know the exact name or description. Case is ignored when searching by name, but respected when searching by description. For fuzzy searches, use the Starting with, Containing, and Ending radio buttons to narrow the search.
    3. Click Find.
    4. Click Show All if you do not know which users or groups to find. The system returns all users or user groups defined in your system.
    You can select the users and groups that you want from the list. Users that are associated with a privilege set that contains the ItemSuperAccess privilege are not shown. This privilege bypasses access control list checking.
  9. Optional: Use the search options for the Find groups/users list and the Privilege Sets list to search for a user or group, or for a privilege set. Type the first few letters of what you are looking for and click Find. The first result displays. By repeatedly clicking Find, you can display additional results one at a time.
  10. Select one user or group and match it to one privilege set.
  11. Click Add to include the pair in the table for ACL rules, where the combinations of users or groups and privilege sets are listed.
  12. Continue adding ACL rules to the ACL as needed, then click OK to save the ACL.
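
The following sketch is an added example, not IBM code or a product API: it models an ACL as this page describes it (rules that pair one user or group with one privilege set, plus the blank-field defaults for Scope ID and Application) and reviews a planned definition before it is entered in the window. Every name except ItemSuperAccess is constructed, and the one-rule-per-user check for versions before 8.6 is an assumption inferred from the Version 8.6 note above.

```python
from dataclasses import dataclass

BYPASS = "ItemSuperAccess"   # named on the page: bypasses ACL checking
MAX_APP_LEN = 128            # page: Application is a string of up to 128 characters

@dataclass
class Acl:
    name: str
    rules: list              # each rule: (user ID or group, privilege set name)
    scope_id: int = -1       # page: a blank Scope ID reaches the client as -1
    application: str = ""    # page: a blank Application reaches the client as ""

def bypass_users(privilege_sets, user_pset):
    """User IDs whose associated privilege set contains ItemSuperAccess."""
    return sorted(u for u, ps in user_pset.items()
                  if BYPASS in privilege_sets.get(ps, set()))

def review_acl(acl, privilege_sets, user_pset, multi_rule=False):
    """Return a list of findings for one ACL definition.

    multi_rule=True models Version 8.6 and later, where a user or group
    may have more than one rule in the same ACL (assumption: earlier
    versions allow only one).
    """
    findings = []
    if len(acl.application) > MAX_APP_LEN:
        findings.append(f"{acl.name}: Application exceeds {MAX_APP_LEN} characters")
    exempt = set(bypass_users(privilege_sets, user_pset))
    seen = set()
    for principal, pset in acl.rules:
        if pset not in privilege_sets:
            findings.append(f"{acl.name}: {principal} -> undefined privilege set {pset}")
        if principal in seen and not multi_rule:
            findings.append(f"{acl.name}: more than one rule for {principal}")
        if principal in exempt:
            findings.append(f"{acl.name}: {principal} bypasses ACL checking ({BYPASS})")
        seen.add(principal)
    return findings

# Constructed sample data; every name except ItemSuperAccess is hypothetical.
PRIVILEGE_SETS = {"DemoReadOnly": {"DemoRead"},
                  "DemoEditor": {"DemoRead", "DemoUpdate"},
                  "DemoSuper": {"DemoRead", BYPASS}}
USER_PSET = {"alice": "DemoEditor", "bob": "DemoReadOnly", "root1": "DemoSuper"}
CLAIMS_ACL = Acl("DemoClaimsACL", [("alice", "DemoEditor"), ("ClaimsGroup", "DemoReadOnly"),
                                   ("alice", "DemoReadOnly"), ("root1", "DemoMissing")])

if __name__ == "__main__":
    print("bypass ACL checks:", bypass_users(PRIVILEGE_SETS, USER_PSET))
    for finding in review_acl(CLAIMS_ACL, PRIVILEGE_SETS, USER_PSET):
        print(finding)
```

The list returned by `bypass_users` is the part an ACL review most easily misses: those users do not appear in the Find groups/users results, yet no ACL restricts them.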


Last updated: June 2015

© Copyright IBM Corporation 1993, 2015.