IBM InfoSphere Master Data Management, Version 10.1Access control groups (ACGs) are groupings of access privileges for objects (catalogs, hierarchies, collaboration areas, and import jobs) that are treated at the same level in the Collaboration Server system.
You can define ACGs for data model objects such as catalogs, collaboration areas, document stores, hierarchies, selections, and workflows.
You can provide system-wide privileges to the roles. System-wide privileges can only be defined on Default ACGs. You can also associate these roles to the Default ACG.
Each role can have different privileges with an ACG. For example, users who have Role A can add, modify, or delete items from catalog A and B whereas users who have role B can only view them.
Each role needs to be assigned to a minimum of one ACG in order to have access to objects. The PIM system gives the flexibility of assigning a role to a multiple ACGs. For example, you can have a role which is assigned to Default ACG, Basic ACG, and or Advanced ACG. Which means that the role inherits the access privileges of these ACGs for the objects.
Each object needs to be assigned to a minimum of one ACG so that users and roles have access to these objects through the ACGs. One object can be assigned to only a single ACG. For example, you can assign a catalog (object) to the Default ACG, the hierarchy to the Basic ACG and a collaboration area to the Advanced ACG. Which means that the object will honour the access privileges defined in the roles associated with these ACGs. You can associate one ACG with only one object.
