Life Cycle Managed Information
A very important characteristic of an object is whether it is life cycle managed. Objects that are life cycle managed are also domain administered. Therefore, the criteria for the objects includes the domain-administered criteria.
There are two types of life cycle templates that can be associated with objects: basic and advanced. The type of life cycle used influences the access to the objects. For information about life cycles, see Life Cycle Administration .
Access control decisions for life cycle managed information are based on the following criteria:
Team
Users can participate in a role for an object. The team stores the current team membership by role. The team is resolved using the team template, life cycle template, and context team. For additional information on teams, see About Context Teams.
Life Cycle
Determines an object's initial life cycle state by associating the object with a life cycle template. Life cycle state influences both policy and ad hoc ACLs. The ad hoc ACL is computed by binding life cycle and team roles to participants. The ad hoc ACL is stored within the object.
Life Cycle State
Indicates the phase of the life cycle, which was used to compute the ad hoc ACL. It is used during execution to determine the policy ACL that is appropriate for an object.
An object’s domain, type, and life cycle state determine which policy ACL is associated with the object. The policy ACL, in turn, specifies which participants have which permissions on objects that share the same domain, type, and life cycle state.
When an object is associated with a life cycle or workflow activity, access to that object can be governed by an ad hoc ACL, in addition to the policy ACL associated with the object based on its domain, type, and state. The life cycle or workflow activity can include permissions for roles associated with each life cycle phase or workflow activity. For example, participants who fulfill a life cycle or workflow role by submitting, reviewing, or promoting the object to the next life cycle phase are given access rights. Ad hoc ACLs for a life cycle phase or workflow activity are in effect for the duration of that phase or activity.
Isto foi útil?