Basic Administration > Managing Data Security > Editing Access Control for an Existing Object > Access Table (Single Object)
  
Access Table (Single Object)
The Access table allows you to view the access control permissions on the specified object that are granted for participants. Additionally, you can grant or remove certain permissions (if you have the required permissions to make the change). The table is available from the Edit Access Control window.
The permissions that can be managed from the Access table are those permissions with the Access Control and Share source designations, as shown on the Access Rules table. For more information, see Setting Access Control on a Shared Object.
If security labels are enabled, the security icon displays for participants restricted by security labels. If a participant is restricted by security labels, they are unable to view objects and perform actions that permission settings would otherwise allow.
Permissions granted with other source designations (such as policy access control rules or life cycle or workflow ad hoc access rules) cannot be removed. Also, permissions granted to other participants (such as a group or organization in which the selected participant is a member) cannot be removed.
From the Access table, you can perform the following activities:
Display participants and their permissions
Change permissions for the participants displayed in the table
View access control details for a participant
Displaying Participants
The initial list of participants displayed in the table is determined by the view drop-down list selection that is active when you open the window containing the table:
My Access -- Populates the table with you as a participant and displays your access control information.
Team Access -- Populates the table with the groups containing the team members of the current context and displays the associated permissions for each participant. This view is useful when you want to change the permissions for those members in one or more team roles. The view shows the system groups associated with team membership. These groups include the following:
A group for each role included in the team. For example, the Members group (used for users who need general access to all actions in the context), the Guest group (user-defined groups and users that are not active team members and need only read access to context information), and corresponding groups for the other team roles.
The Team Members group, which contains all participants in the team excluding those members in the Guest role.
Organization groups, which contain the participants in the team grouped by organization.
The participants can be users, groups, or organizations.
If the specified object is an application or organization context, the view Team Access displays the administrators group for the parent context. Otherwise if the current context is the site or organization context, the view displays the administrators group for that context. Site and Organization contexts do not have teams associated with them to display in the Team Access view.
All Defined Access -- Populates the table with the users, groups, and organizations for which access control permissions have been defined and displays the associated permissions for each participant. This view is useful when you want to view all participants who currently have access control permissions defined for a single object. The participants listed are those who are actually named in either a policy access control rule or in an ad hoc access control rule. If a dynamic role is used as a participant in defining policy rules, the system group containing the team members of the role for the current context is listed as the participant rather than the dynamic role. By default, the All Defined Access view groups the Access table by the Applies To column. A policy access control rule can either apply to the participant listed or all users except the listed participant. For more information about rules applying to all users except the selected participant, see Selecting All Except Principal.
The identity information displayed in the Participant column is dependent on the Detailed Participant Identification preference in the Security category. By default a simple format is used. If you change the default setting, additional information is displayed to help distinguish participants with the same name. For more information, see Setting Security Preferences.
* 
Permissions are not displayed for the special participants named OWNER and ALL. Use the Policy Administration utility to see rules for OWNER and ALL. For additional information, see Finding Participants Who have Defined Permissions.
In all views, if you are not permitted to see a specific participant, you will see (Secured information) in the Participant column.
If the initial list of participants is not the list you want to start from, make a different selection from the view drop-down list. Additionally, you can add and remove participant rows from the table at any time using the find participants icon and the remove selected objects icon .
Changing the Permissions of Participants
The set of permissions is listed in the Permissions column of the table. By default, a subset of permissions are displayed and, depending on the context you are in, you may not be able to change any of the permissions. The security preferences determine which permissions are displayed in the Permissions column and whether the user interface allows you to change what is displayed.
The checkbox in front of each permission identifies whether the permission has been granted and whether you can change it:
If the checkbox is selected (indicated by the check mark), the permission is granted.
If the checkbox is clear, the permission is not granted.
If the checkbox is selected, but a warning icon appears in the Full Control (All) Overridden column, the previously granted Full Control (All) ad hoc access control rule is overridden by a policy access control rule absolutely denying (!) one or more permissions for the participant named in the row. To remove the Full Control (All) permission, clear the checkbox in the row with the warning. Clearing the checkbox and applying the changes will remove the granted permission, disable the checkbox, and remove the warning.
An active checkbox indicates that you can change whether the permission is granted. To grant the permission, select the checkbox to add the check mark. To remove a check mark, clear the check mark by clicking it.
When a checkbox is disabled, you cannot change the permission.
When the permission settings in the table reflect how you want the permissions for the displayed participants, click OK to make the changes and close the window.
For those objects that have an associated life cycle, all changes made to permissions through the Access table apply to the object when it is in all of the life cycle states (not just the current life cycle state of the object).
If you choose to save your changes for an existing object using the Apply button, then you can continue to make additional changes before clicking OK. Clicking Cancel closes the window without saving any changes that were made since you last clicked Apply.
Viewing Access Details of a Participant
When you are creating a folder or managing the security of a single object, the Access table that is displayed includes a column containing the view access information icon for each participant in the table. Selecting this icon opens the Access Information page, which contains the detailed information about the object and the access control rules that apply to this participant. If security labels are enabled at your site and security labels are supported for the object, the Access Information page also displays the current security label settings for the object, and the impact the security labels have on the participant's access.
Related Topics