An Access Control List (ACL) maps users, groups, and services to a set of permissions. You can create new ACLs to grant users, group members, and service members access to a protected resource.
About this task
An ACL is composed of a set of ACL entries. Each ACL entry specifies users, groups, and services together with a list of permissions that are granted to those users, groups, and services. An ACL comes into force only when it is added to a connection. Important: Default ACLs must not be modified or deleted.
Procedure
- If the connection you want to create the ACL for is not open, search for and select the connection.
- Select Add a new list from the Access Control List (ACL) drop-down list.
- Enter a name and description.
- Enter the remaining ACL settings.
Setting: Description

Access for Users
Access for individual users. Each added user is given access to the resource. Click Add User to add a user. To search for and select a user, enter the first 3 characters of the given name, surname, user name, or email address of the user. Select the permissions for each entry. You can use the following permissions for Cloud Identity Service users, groups, and services:
- r. Read. Allows users to view the object.
- x. Execute. Allows users to run a file or script from the object.
- T. Traverse. Allows users access to objects lower in the hierarchy.
Note: All other permissions apply to administrative functions and are not applicable to Cloud Identity Service users, groups, and services.

Access for Groups
Access for group members. Each member of an added group is given access to the resource. Click Add Group to add a group. To search for and select a group, enter at least the first 3 characters of the group name. Select the permissions for each entry.

Access for Services
Access for service members. Each member of an added service is given access to the resource. Click Add Service to add a service. To search for and select a service, enter at least the first 3 characters of the service name. Select the permissions for each entry.

Unauthenticated Access
Specifies access permissions for unauthenticated users. Permissions might be needed for unauthenticated users. For example, you might want to permit unauthenticated users access to resources lower in the hierarchy by setting the traverse permission. To set permissions, click Allow, and select permissions for unauthenticated users.

Any Other Access
Specifies access permissions for all other authenticated users who are not specified in access for users, groups, or services. Permissions might be needed for all authenticated users. For example, you might want to permit all authenticated users access to resources lower in the hierarchy by setting the traverse permission. To set permissions, click Allow, and select permissions for all other authenticated users.
- Click Save New ACL.
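The following Python is an added example, not IBM's code or the product's own evaluation logic; it models how the five kinds of entry above combine when a request is checked against a resource hierarchy. It assumes (none of this is stated on the page) that an explicit user entry takes precedence, that otherwise the permissions of all matching group and service entries are combined, that Any Other Access applies to the remaining authenticated users and Unauthenticated Access to anonymous requests, that an object without its own ACL inherits the nearest ancestor's ACL, and that reaching an object requires the T (traverse) permission on every ancestor object; the ACLs, paths and principals are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional
@dataclass(frozen=True)
class Principal:
    name: Optional[str] = None        # None: the request is unauthenticated
    groups: frozenset = frozenset()
    services: frozenset = frozenset()
@dataclass
class ACL:
    users: dict = field(default_factory=dict)     # user name -> subset of {"r", "x", "T"}
    groups: dict = field(default_factory=dict)    # group name -> permissions
    services: dict = field(default_factory=dict)  # service name -> permissions
    unauthenticated: frozenset = frozenset()      # "Unauthenticated Access" entry
    any_other: frozenset = frozenset()            # "Any Other Access" entry
def effective(acl, p):
    """Permissions principal p holds under one ACL (assumed precedence, see lead-in)."""
    if p.name is None:
        return set(acl.unauthenticated)
    if p.name in acl.users:
        return set(acl.users[p.name])
    granted, matched = set(), False
    for members, table in ((p.groups, acl.groups), (p.services, acl.services)):
        for m in members:
            if m in table:
                granted |= set(table[m])
                matched = True
    return granted if matched else set(acl.any_other)
def acl_for(tree, path):
    """ACL in force at path: its own, else the nearest ancestor's (assumed inheritance)."""
    parts = [s for s in path.split("/") if s]
    for i in range(len(parts), -1, -1):
        node = "/" + "/".join(parts[:i])
        if node in tree:
            return tree[node]
    raise KeyError("no ACL in force above " + path)
def is_allowed(tree, p, path, perm):
    """True if p holds perm on path and 'T' (traverse) on every ancestor object."""
    parts = [s for s in path.split("/") if s]
    for i in range(len(parts)):                    # "/", "/a", "/a/b", ... up to the parent
        if "T" not in effective(acl_for(tree, "/" + "/".join(parts[:i])), p):
            return False
    return perm in effective(acl_for(tree, path), p)
# Constructed sample: the root lets everyone traverse and authenticated users read;
# /reports/hr is limited to user alice, the hr-team group and the payroll service.
ROOT = ACL(unauthenticated=frozenset("T"), any_other=frozenset("rT"))
HR = ACL(users={"alice": {"r", "x", "T"}}, groups={"hr-team": {"r", "T"}},
         services={"payroll": {"r"}})
TREE = {"/": ROOT, "/reports/hr": HR}
```

Note that the payroll service, which has r but not T on /reports/hr, can read that object itself but nothing beneath it, which is the distinction the Traverse permission draws.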