Defining access control groups
Access control groups (ACGs) are groupings of access privileges for objects (catalogs, hierarchies, collaboration areas, and import jobs) that are treated at the same level in the Collaboration Server system.
Identifying ACGs
An ACG is defined on a group of objects to which you can assign a level of access based on a role. For example, an ACG can be defined on one catalog, one hierarchy, and two collaboration areas. You can assign and edit privileges on this group of objects for users in Role A, and view privileges for users in Role B.
You can define ACGs for data model objects such as catalogs, collaboration areas, document stores, hierarchies, selections, and workflows.
You can provide system-wide privileges to roles. System-wide privileges can be defined only on Default ACGs. You can also associate these roles with the Default ACG.
Designing the ACGs
You can design the ACGs to cater to the requirements of the client. You might need to consider which objects need to be accessed by which roles. ACGs will help you to define the privileges for different roles in the PIM system.
Mapping of ACGs
You can map an ACG to objects. Mapping of roles to ACGs is required to provide access to objects.
Each role can have different privileges with an ACG. For example, users who have Role A can add, modify, or delete items from catalogs A and B, whereas users who have Role B can only view them.
Each role needs to be assigned to a minimum of one ACG in order to have access to objects. The PIM system gives you the flexibility of assigning a role to multiple ACGs. For example, you can have a role that is assigned to the Default ACG, the Basic ACG, and/or the Advanced ACG, which means that the role inherits the access privileges of these ACGs for the objects.
Mapping objects to ACGs
Mapping of objects to ACGs is required to provide users and roles access to these objects through the ACGs.
Each object needs to be assigned to a minimum of one ACG so that users and roles have access to these objects through the ACGs. One object can be assigned to only a single ACG. For example, you can assign a catalog (object) to the Default ACG, the hierarchy to the Basic ACG, and a collaboration area to the Advanced ACG, which means that each object honours the access privileges defined in the roles associated with these ACGs. You can associate one ACG with only one object.
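The role-to-ACG and object-to-ACG mappings described above can be reviewed as data before they are configured. The following Python sketch is an added example, not Collaboration Server code or its API; the object names, the "Archive" ACG, and the privilege labels are constructed for illustration. It resolves the privileges a role holds on an object through that object's ACG and reports mappings that leave an object or role without access.

```python
# Constructed sample design; names and privilege labels are illustrative,
# not Collaboration Server identifiers.
OBJECT_ACG = {             # each object is mapped to a single ACG
    "catalog A": "Default",
    "hierarchy H": "Basic",
    "collab area C": "Advanced",
    "import job J": None,  # design gap: object not mapped to an ACG
}
ROLE_ACG_PRIVS = {         # role -> ACG -> privileges held through that ACG
    "Role A": {"Default": {"view", "add", "modify", "delete"}, "Basic": {"view"}},
    "Role B": {"Default": {"view"}, "Archive": {"view"}},
    "Role C": {},          # design gap: role not mapped to any ACG
}

def effective_privileges(role, obj):
    """Privileges a role holds on an object: those it has on the object's ACG."""
    acg = OBJECT_ACG.get(obj)
    return set(ROLE_ACG_PRIVS.get(role, {}).get(acg, set()))

def audit_design():
    """Report unmapped objects, roles with no ACG, and grants on ACGs
    that hold no objects (such a grant gives the role no access)."""
    findings = []
    for obj, acg in OBJECT_ACG.items():
        if acg is None:
            findings.append(f"object '{obj}' is not mapped to an ACG")
    used_acgs = {acg for acg in OBJECT_ACG.values() if acg is not None}
    for role, acgs in ROLE_ACG_PRIVS.items():
        if not acgs:
            findings.append(f"role '{role}' is not mapped to any ACG")
        for acg in acgs:
            if acg not in used_acgs:
                findings.append(f"role '{role}' has privileges on ACG '{acg}', which holds no objects")
    return findings

def access_matrix():
    """Role/object pairs with non-empty effective privileges, for review."""
    return {(r, o): sorted(effective_privileges(r, o))
            for r in ROLE_ACG_PRIVS for o in OBJECT_ACG
            if effective_privileges(r, o)}

if __name__ == "__main__":
    for finding in audit_design():
        print("FINDING:", finding)
    for (role, obj), privs in access_matrix().items():
        print(f"{role:7} {obj:14} {', '.join(privs)}")
```

Reviewing the resulting matrix against the intended access for each role shows where a role mapped to several ACGs has accumulated more privileges than the design calls for.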