Administering access control

You can use the administration API to create, modify, examine, list, and delete Verify Identity Access access control lists (ACLs).

Use the administration API to attach ACLs to Verify Identity Access protected objects, and to detach ACLs from protected objects.

Each ACL might contain entries for specific users and groups. You can use the administration API to set ACL entries for users and groups that exist in the Verify Identity Access secure domain. You can also use the administration API to set ACL entries for the default user categories any-other and unauthenticated.

ACL entries consist of one or more permissions. These permissions specify actions that the owner of the entry is allowed to perform. Verify Identity Access provides a number of default permissions. You can use the administration API to define additional extended actions. You also can use the administration API to group the extended actions into action groups.

Understand the construction and use of ACLs before using the administration API ACL functions. The proper use of ACLs is key to successfully implementing a security policy. For more information, see the chapter about using access control lists in the IBM Verify Identity Access for Web: Administration Guide.