Managing Access Control

Search Criteria	Description
Domain	The path of the selected domain, relative to its context.
Context	The hierarchy of contexts of the selected domain. Site, organization, and application contexts are separated by commas. Organization contexts are preceded with Organization - and application contexts are preceded with the type of application context; for example, Library -.
Type	Click find to open the Find Type window. By default All Applicable Object Types is selected. Types that are not instantiable do not display in the Find Types window by default, however any that you specify in the property wt.admin.hierarchyListAdditions.wt.access.PolicyAccessControlled of the wt.properties file will be displayed provided that the type can be placed under access control.
State	Limit results to a specific life cycle state. Make a selection from the list of all life cycle states or begin typing the life cycle name to limit results in the list. Selecting All States includes results for all states. Selecting All limits search results to the rules in which All was selected for the state.
Participant	Find results for a specific participant. Begin typing the name of a participant and make a selection from the auto-suggest list. Alternatively, click find next to the search field, or More Search Options at the bottom of the auto-suggest list, to open the Find Participants window. Use this window to select a participant; for more information, see Find Participants.
Include ancestor domains	Select the check box to include access control rules from the ancestor domains of the selected domain.

Column Name	Description
Domain	The domain for which the access control rule is defined.
Context	The context of the domain.
Type	The object type to which the access control rule applies. For more information about types, see Managing Types.
State	The state that an object must be in for the access control rule to apply. A rule with the state All applies to an object regardless of its state.
Participant	The user, group, organization, or role that the access control rule applies to. Tooltips provide the following additional information about a participant: • For users, user-defined groups, and organizations, the distinguished name stored in the LDAP directory service. • For system groups that are associated with a shared team, the parentheses after the group name contain the shared team name. • For all other system groups, the parentheses after the group name contain the context in which the group was created. • For dynamic roles, the parentheses after the role name contain the type of role and the context where the role has been established. Dynamic roles are for organizations or context team roles. • For pseudo roles, the role type is displayed. Pseudo roles are either Owner (meaning the pseudo-role that represents the owner of the object) or All (meaning the pseudo-role that represents all users).
Applies To	Specifies if the rule applies to the participant or all users except the participant.
Grant Permissions	Lists permissions granted to the participant.
Deny Permissions	Lists permissions that are denied to the participant.
Absolute Deny Permissions	Lists permissions that are absolutely denied to the participant.

Right-click in the column headers to deselect and hide columns to modify the view with only the information you want to see.

Action and Icon	Description
New	Opens the New Access Control Rule window to create a new rule for the selected domain.
Edit	Opens the Edit Access Control Rule window for the rule selected in the Search Results table. Only one rule can be selected for editing.
Delete	Deletes the rules selected in the Search Results table
View access control lists	Opens the View Access Control Lists window for the selected domain. For more information, see Viewing Access Control Lists.