Administering access control lists

You can allow or restrict specific users and groups from accessing protected resources by using access control lists (ACLs).

You can do the following tasks with the administration API:
  • Create and delete ACLs
  • Retrieve or change information that is associated with an ACL
  • List the user, group, any-other, and unauthenticated entries that are included in the ACL
  • List all defined ACLs
The name of an ACL can be of any length. The following characters are allowed in an ACL name:
  • Alphanumeric characters that are defined in the locale
  • The underscore (_) character
  • The hyphen (-) character
You can specify the following items:
  • User entries that belong in each ACL
  • Permissions or actions that each user is allowed to perform
  • Permissions or actions that are based on group membership, rather than individual user identity, to expedite administration tasks

The administration API defines the PDAcl object (the ivadmin_acl data type in the C API) to contain a retrieved ACL. You can use administration API functions, classes, and methods to extract information from the PDAcl object.

Be sure that you understand how to define an ACL policy before you use the administration API ACL functions and methods. For more information, see the section about ACL entry syntax in the IBM Verify Identity Access for Web: Administration Guide.

Table 1 describes the functions and methods for administering ACLs.

Table 1. Administering access control lists

| Functions                     | Methods                                                | Description                                                         |
|-------------------------------|--------------------------------------------------------|---------------------------------------------------------------------|
| ivadmin_acl_create()          | PDAcl.createAcl                                        | Creates a new ACL.                                                  |
| ivadmin_acl_delete()          | PDAcl.deleteAcl                                        | Deletes the specified ACL.                                          |
| ivadmin_acl_get()             | PDAcl constructor                                      | Returns the specified ACL. Instantiates the specified ACL.          |
| ivadmin_acl_getdescription()  | PDAcl object.getDescription                            | Returns the description of the specified ACL.                       |
| ivadmin_acl_getid()           | PDAcl object.getId                                     | Returns the name of the specified ACL.                              |
| ivadmin_acl_list()            | PDAcl.listAcls                                         | Returns the names of all the defined ACLs.                          |
| ivadmin_acl_listgroups()      |                                                        | Returns a list of the group names that are included in the specified ACL. |
| ivadmin_acl_listusers()       |                                                        | Returns a list of the user names that are included in the specified ACL.  |
| ivadmin_acl_setdescription()  | PDAcl.setDescription, PDAcl object.setDescription      | Sets or modifies the description for the specified ACL.             |

For detailed reference information about these methods, see the Javadoc HTML documentation.
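The following is an added example, not code from the IBM documentation, showing how the PDAcl methods in Table 1 fit together: it validates an ACL name against the naming rule stated above before calling the policy server, creates and describes the ACL, reads it back through the constructor, and audits all defined ACLs for a missing description. It assumes the package names com.tivoli.pd.jadmin and com.tivoli.pd.jutil, that every call takes a PDContext first and a PDMessages last, and that PDMessages and the result of listAcls are iterable lists; check the Javadoc for the exact signatures.

```java
import com.tivoli.pd.jadmin.PDAcl;
import com.tivoli.pd.jutil.PDContext;
import com.tivoli.pd.jutil.PDException;
import com.tivoli.pd.jutil.PDMessages;
import java.util.ArrayList;
import java.util.List;

public class AclAdminExample {

    // Enforce the naming rule from the text: locale alphanumerics, '_' and '-' only.
    // Rejecting bad names locally avoids a round trip that the policy server would refuse anyway.
    static boolean isValidAclName(String name) {
        if (name == null || name.isEmpty()) return false;
        for (int i = 0; i < name.length(); i++) {
            char c = name.charAt(i);
            if (!Character.isLetterOrDigit(c) && c != '_' && c != '-') return false;
        }
        return true;
    }

    // Create an ACL, set its description, and read it back via the PDAcl constructor.
    // Assumption: PDContext is the first argument and PDMessages the last on every call.
    static PDAcl createDescribedAcl(PDContext ctx, String aclId, String description)
            throws PDException {
        if (!isValidAclName(aclId)) {
            throw new IllegalArgumentException("ACL name may contain only alphanumerics, '_' and '-': " + aclId);
        }
        PDMessages msgs = new PDMessages();
        PDAcl.createAcl(ctx, aclId, msgs);                   // static: create the new ACL
        PDAcl.setDescription(ctx, aclId, description, msgs); // static form of setDescription
        PDAcl acl = new PDAcl(ctx, aclId, msgs);             // constructor instantiates the stored ACL
        // Non-fatal server messages accumulate in msgs rather than being thrown; surface them.
        for (Object m : msgs) {
            System.err.println("Policy server message: " + m);
        }
        return acl;
    }

    // Audit check: list every defined ACL and return those with no description,
    // since an undocumented ACL is hard to review against the intended policy.
    static List<String> listUndescribedAcls(PDContext ctx) throws PDException {
        PDMessages msgs = new PDMessages();
        List<String> undescribed = new ArrayList<>();
        for (Object id : PDAcl.listAcls(ctx, msgs)) {        // names of all defined ACLs
            PDAcl acl = new PDAcl(ctx, (String) id, msgs);
            String d = acl.getDescription();
            if (d == null || d.trim().isEmpty()) undescribed.add(acl.getId());
        }
        return undescribed;
    }
}
```

A PDContext for the calls above is obtained from the administration API's own context constructor with the policy server connection details, which this example deliberately leaves to the caller.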