Access Control List Editor

Use the Access Control List Editor to define access permissions for an object and the associated ACL.

Note: Access permissions in the ACL determine the options and actions that are available to you. For example, the Remove shortcut menu options are not available to roles limited to read access.

Description

Enter text that describes the ACL (up to 40 characters).

Owner

The user account with all access rights to the ACL. The owner can always read, update, or delete the ACL even if the account is included in a role that is denied access to these actions. To change the owner, click Change Owner.

Note: The Security Administrator is the owner of the (Default) ACL and Optim™ Object Template ACL.

Access Control Domain

The ACD that forms the basis for the roles in the ACL. An ACL references roles in the ACD in order to translate them into network accounts. Roles not defined in the ACD, or in the ACD but not referenced in the ACL, are denied access.

Object Type

The type of object secured by the ACL.

ACL Grid

The grid allows you to list roles in the ACL and define permissions.

Role

Enter a role name or select from the drop-down list of roles in the ACD. Role names not included in the ACD are italicized.

Notes:

If the ACD does not include any roles, the Role list is not available.
A role that is not defined in the ACD is denied all access.
A user or group account that is not included in a listed role is denied all access.
The most restrictive permission applies to a user or group account that is included in multiple roles in the ACL.

Access Type

Allow and Deny identify the check boxes in their rows. If both the Allow and Deny check boxes are cleared, accounts in the role are provisionally denied the privilege but may be granted the privilege as members of another role.

Object Access

Possible access to the object. Use each set of Allow and Deny check boxes to define access permissions for the role.

Read: Controls the ability to open or view an object. If access is denied, a warning popup indicates the object is restricted by security.
A role must have Read access, in addition to Update access, to the object in order to update the object.
Update: Controls the ability to save an object. If access is denied, the Save command will not be available from the object editor.
Note: Roles denied update access can use the Save As command to rename an object.
Delete: Controls the ability to delete an object. If access is denied, the Delete command is not available from the object editor and the Open dialog.
Execute: Controls the ability to run a process. This option is available only for objects created with editors listed in the Actions menu. If access is denied, the Run command is not available from the Request Editor and the Execute command is not available from the Table Editor.

ACL Access

Possible access to the ACL. Use each set of Allow and Deny check boxes to define access permissions for the role. If both the Allow and Deny check boxes are cleared, accounts in the role are provisionally denied the privilege but may be granted the privilege as members of another role.

Read: Controls the ability to view the ACL. A role must have Read access, in addition to Update access, to the ACL in order to update the ACL.
Update: Controls the ability to modify the ACL.
Delete: Controls the ability to delete the ACL. Not available for ACDs or File Access Definitions or for Optim objects that are secured automatically when saved.

Shortcut Menu Commands

Right-click the grid to display the following shortcut menu commands:

Remove: Remove the selected role from the ACL.
Remove All: Remove all roles from the ACL.
Allow All: Allow all Object Access, ACL Access, or both to the role.
Deny All: Deny all Object Access, ACL Access, or both to the role.
Clear All Allowed: For the role, clear all Allow check boxes for Object Access, ACL Access, or both.
Clear All Denied: For the role, clear all Deny check boxes for Object Access, ACL Access, or both.

Right-click the grid column for an action to display the following shortcut menu commands:

Allow All action Access: Allow access to all roles for the selected action.
Clear All action Access: Clear all Allow and Deny check boxes for all roles for the selected action.
Deny All action Access: Deny access to all roles for the selected action.

Command Buttons

The following command buttons are available on the Access Control List Editor:

Change Owner: Open the Security Users dialog to assign ACL ownership to another user account. Available to user accounts permitted to update the ACL who are also the ACL owner or the Security Administrator for the Optim Directory. For more information about this dialog, see Security Users.
Note: Change Owner is not available for the (Default) ACL and the Optim Object Template ACL.
Model After: Open the Select Access Control List Model dialog to model the ACL after another ACL. Available to roles permitted to update the ACL. For more information about this dialog, see Select Access Control List Model.

Security Users

Click Change Owner to open the Security Users dialog, used to reassign ACL ownership. Use this dialog to select a user account from a list of accounts in a specified network domain.

To display the list, select an Optim Server Name and a Domain. To select a network user account, click the name in the Users grid, and click Select.

Server Name

Select the name of a Server. If your site does not use a Server, (Local) is displayed.

Domain

Select the name of the domain for the users you want to list. The domain is within a network that includes the server in Server Name.

Note: If a UNIX server is selected, the node name is displayed in Domain and in the Users grid.

Users

A list of user accounts by Name, with Domain and a Description.

Select Access Control List Model

To model an ACL after the ACL for another security definition or Optim object, click Model After to open the Select Access Control List Model dialog.

To select an ACL as a model, enter the object type and name. To apply the ACL for the selected object as a model, click OK. The roles and permissions from the model are then displayed in the Access Control List Editor.

Object Name

Name of the object with the model ACL.

Object Type

Type of object with the model ACL.

Use As Model

Select an ACL to use as a model, using the following:

Optim Object Template ACL: Option to use the Optim Object Template ACL as the model.
Existing Access Control List: Option to use the ACL as the model type and name.
Type: Select the object type associated with the model ACL.
Name: Type or select the object name associated with the model ACL.
You can also use the Name browse button to open the Select an Access Control List dialog, used to select a model ACL from a list of objects. If you select an ACL using the Select an Access Control List dialog, the Type and Name for the selected ACL will be displayed automatically.

To populate Type and Name with the current entries each time you open the Select Access Control List Model dialog, click Set as Default.

Select an Access Control List

Use the Select an Access Control List dialog to select a model ACL from a list of objects. The Identifier area displays the object types to list in the dialog.

After you select an Identifier, the associated ACLs are listed. Double-click the desired ACL to select it as a model.

Note: An ACL is identified by the name of its associated object.

Enter Pattern for Access Control List allows you to limit the ACL list to names that match the specified criteria. You can use the % (percent) wild card to represent one or more characters, or use the _ (underscore) wild card to represent a single character. (The underscore must be selected as the SQL LIKE character on the General tab of Personal Options.) After you specify a Pattern, click Refresh to display the list again based on your criteria.