User and Group Permissions: Access Control Lists
Access Control Lists (ACLs) associate groups and users with permissions. In the context of Integrity Lifecycle Manager interface, these users and groups are called principles. ACL definitions determine management policies and control user access to the various functions of Integrity Lifecycle Manager.
Permissions specify the particular operations that are available. Because ACLs control these vital functions, ACLs must be configured before Integrity Lifecycle Manager can function.
The following sequence of events illustrates how the Integrity Lifecycle Manager server uses ACLs to determine whether a user or group has access to a specific functionality:
1. A user issues a command to the Integrity Lifecycle Manager server from the Integrity Lifecycle Manager client.
2. The target of each operation (for example, a project or a member) maps to a specific ACL. The appropriate ACL is queried to determine whether the operation is allowed.
3. The Integrity Lifecycle Manager server queries the ACL database for the user’s access permissions to determine whether the user has the required permission or which specific permissions the user has (the server uses the most specific permissions it finds in the ACL hierarchy).
4. Based on the information it receives, the user is permitted the operation if the correct permissions exist. If the permissions do not exist, the server terminates the operation and returns an error message.
|
|
Once you have modified or created the necessary ACLs, the information is dynamically loaded by the server. You do not have to restart the server.
|
Related Links
