Specifying Authorized Participants
The authorized participants can be specified for a security label value in multiple ways:
• Unspecified
If neither a UFID nor an EvaluatorClass is specified, the label value does not limit access to the objects with the label value applied and it becomes an informative marking.
• UFID Only
If an authorized participant is specified using a UFID, whether the participant (user, user-defined group, or organization) is cleared for access to the objects with the label value applied is indicated by the UFID value.
• EvaluatorClass Only
If an evaluator class is specified, its isRestrictedBySecurityLabelValue method is called when the access rights of a participant are evaluated to determine whether the participant is cleared for access to objects with the label value applied.
• Both UFID and EvaluatorClass
If both a UFID and an evaluator class are specified, the UFID is only used if the isRestrictedBySecurityLabelValue method is not overridden in the evaluator class or if the method is overridden and the method calls super.isRestrictedBySecurityLabelValue and makes use of the result.
• WTPrincipalReference
If an authorized participant (user-defined group or organization) is specified using a WTPrincipalReference (used when a principal is stored in database and not in LDAP), specify the following elements:
◦ ClassType: wt.org.WTGroup / wt.org.WTOrganization
◦ OrgName: Specify name of the organization if group is created at organization context. Applicable only for groups created at organization context. The default value is null.
◦ Name: Name of the group or organization.