Creating Access Control Lists

An Access Control List (ACL) maps users, groups, and services to a set of permissions. You create an ACL to grant individual users, group members, and service members access to a protected resource.

About this task

An ACL is composed of a set of ACL entries. Each ACL entry names users, groups, or services together with the list of permissions granted to them. An ACL comes into force only when it is added to a connection.
Important: Default ACLs must not be modified or deleted.

Procedure

  1. If the connection you want to create the ACL for is not open, search for and select the connection.
  2. Select Add a new list from the Access Control List (ACL) drop-down list.
    [Figure: Add an Access Control List window]
  3. Enter a name and description.
  4. Enter the remaining ACL settings.
    Access for Users: Access for individual users. Each added user is given access to the resource. Click Add User to add a user. To search for and select a user, enter at least the first 3 characters of the user's given name, surname, user name, or email address. Select the permissions for each entry. The following permissions apply to Cloud Identity Service users, groups, and services:
    • r. Read. Allows users to view the object.
    • x. Execute. Allows users to run a file or script from the object.
    • T. Traverse. Allows users to reach objects lower in the hierarchy. Traverse alone does not grant read or execute on those lower objects; it only permits passing through this one.
    Note: All other permissions apply to administrative functions and are not applicable to Cloud Identity Service users, groups, and services.
    Access for Groups: Access for group members. Each member of an added group is given access to the resource. Click Add Group to add a group. To search for and select a group, enter at least the first 3 characters of the group name. Select the permissions for each entry.
    Access for Services: Access for service members. Each member of an added service is given access to the resource. Click Add Service to add a service. To search for and select a service, enter at least the first 3 characters of the service name. Select the permissions for each entry.
    Unauthenticated Access: Access permissions for unauthenticated users. Some permissions might be needed for unauthenticated users; for example, you might grant them the traverse permission so that they can reach resources lower in the hierarchy without being able to view this one. Because anyone can make an unauthenticated request, grant only what anonymous callers genuinely need. To set permissions, click Allow, and select the permissions for unauthenticated users.
    Any Other Access: Access permissions for all other authenticated users, that is, those not covered by an entry under Access for Users, Groups, or Services. Some permissions might be needed for all authenticated users; for example, you might grant them the traverse permission so that they can reach resources lower in the hierarchy. To set permissions, click Allow, and select the permissions for all other authenticated users.
  5. Click Save New ACL.
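The procedure above is carried out in the UI, so there is no code on this page. The following is an added example, not part of the original documentation or of Cloud Identity Service, that models an ACL with the entry types and permissions described above (user, group and service entries, Unauthenticated Access, Any Other Access, and the r/x/T permissions) and evaluates a request against a hierarchy of protected objects. The resolution order (explicit user entry wins, otherwise group and service entries are unioned, otherwise Any Other Access; unauthenticated callers get only the Unauthenticated Access entry), the inheritance of an ACL by objects below it, and the object tree and principal names are all assumptions made for the example, not behaviour the page specifies.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Optional, Set

# Permission letters from the page: r = read, x = execute, T = traverse.
PERMISSIONS = {"r", "x", "T"}


@dataclass(frozen=True)
class Principal:
    """The caller. name=None models an unauthenticated request (assumption)."""
    name: Optional[str]
    groups: FrozenSet[str] = frozenset()
    services: FrozenSet[str] = frozenset()


@dataclass
class ACL:
    """One ACL: user, group and service entries plus the two catch-all entries."""
    name: str
    users: Dict[str, Set[str]] = field(default_factory=dict)
    groups: Dict[str, Set[str]] = field(default_factory=dict)
    services: Dict[str, Set[str]] = field(default_factory=dict)
    unauthenticated: Set[str] = field(default_factory=set)
    any_other: Set[str] = field(default_factory=set)

    def permissions_for(self, p: Principal) -> Set[str]:
        """Assumed resolution order: explicit user entry as-is; else union of
        matching group and service entries; else Any Other Access. Unauthenticated
        callers only ever receive the Unauthenticated Access entry."""
        if p.name is None:
            return set(self.unauthenticated)
        if p.name in self.users:
            return set(self.users[p.name])
        granted: Set[str] = set()
        for g in p.groups:
            granted |= self.groups.get(g, set())
        for s in p.services:
            granted |= self.services.get(s, set())
        return granted if granted else set(self.any_other)


def effective_acl(tree: Dict[str, ACL], path: str) -> ACL:
    """ACL in force at path: the one attached there, else the nearest ancestor's
    (inheritance is an assumption; the tree must carry an ACL at "/")."""
    parts = [seg for seg in path.split("/") if seg]
    while parts:
        candidate = "/" + "/".join(parts)
        if candidate in tree:
            return tree[candidate]
        parts.pop()
    return tree["/"]


def is_permitted(tree: Dict[str, ACL], path: str, p: Principal, perm: str) -> bool:
    """True only if p holds perm on path AND T on every ancestor of path."""
    if perm not in PERMISSIONS:
        raise ValueError(f"unknown permission {perm!r}")
    parts = [seg for seg in path.split("/") if seg]
    ancestors = ["/"] + ["/" + "/".join(parts[:i]) for i in range(1, len(parts))]
    if not parts:  # the root object has no ancestors
        ancestors = []
    for ancestor in ancestors:
        if "T" not in effective_acl(tree, ancestor).permissions_for(p):
            return False
    return perm in effective_acl(tree, path).permissions_for(p)


# Constructed sample object tree; every ACL here is hypothetical.
TREE: Dict[str, ACL] = {
    "/": ACL("root", unauthenticated={"T"}, any_other={"T"}),
    "/public": ACL("public", unauthenticated={"r", "T"}, any_other={"r", "T"}),
    "/intranet": ACL("intranet", groups={"staff": {"r", "T"}}),
    "/intranet/payroll": ACL(
        "payroll",
        users={"alice": {"r", "T"}},  # explicit entry: no x, although alice is in hr
        groups={"hr": {"r", "x", "T"}},
    ),
}

ANON = Principal(None)
BOB = Principal("bob", groups=frozenset({"staff"}))
CAROL = Principal("carol", groups=frozenset({"staff", "hr"}))
ALICE = Principal("alice", groups=frozenset({"staff", "hr"}))


def demo() -> Dict[str, bool]:
    """Decisions for a handful of constructed requests."""
    q1 = "/intranet/payroll/q1"
    return {
        "anon r /public/index.html": is_permitted(TREE, "/public/index.html", ANON, "r"),
        "anon r /intranet/news": is_permitted(TREE, "/intranet/news", ANON, "r"),
        "bob r /intranet/news": is_permitted(TREE, "/intranet/news", BOB, "r"),
        "bob r payroll/q1": is_permitted(TREE, q1, BOB, "r"),
        "carol x payroll/q1": is_permitted(TREE, q1, CAROL, "x"),
        "alice r payroll/q1": is_permitted(TREE, q1, ALICE, "r"),
        "alice x payroll/q1": is_permitted(TREE, q1, ALICE, "x"),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{'PERMIT' if ok else 'DENY  '}  {case}")
```

Two outcomes are worth noticing when you fill in the settings table. First, bob is denied /intranet/payroll/q1 even though nothing explicitly forbids it: the payroll ACL has no entry for him and no Any Other Access, so he lacks T on /intranet/payroll and never reaches q1. Second, alice is denied x although her group hr has it, because under the assumed resolution order an explicit user entry replaces group entries rather than adding to them; when you add a user entry for someone who is also in a group, give it every permission they still need.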