Managing Access Control
Use the Access Control Rules tab in Policy Administration to manage access control policies for the domain name that you clicked in the Domains pane. The following search criteria can be used to retrieve access control rules:
|
Search Criteria
|
Description
|
|---|---|
|
Domain
|
The path of the selected domain, relative to its context.
|
|
Context
|
The hierarchy of contexts of the selected domain. Site, organization, and application contexts are separated by commas. Organization contexts are preceded with Organization - and application contexts are preceded with the type of application context; for example, Library -.  |
|
Type
|
Click find  to open the Find Type window. By default All Applicable Object Types is selected.Types that are not instantiable do not display in the Find Types window by default, however any that you specify in the property wt.admin.hierarchyListAdditions.wt.access.PolicyAccessControlled of the wt.properties file will be displayed provided that the type can be placed under access control. |
|
State
|
Limit results to a specific life cycle state. Make a selection from the list of all life cycle states or begin typing the life cycle name to limit results in the list.
Selecting All States includes results for all states. Selecting All limits search results to the rules in which All was selected for the state.
|
|
Participant
|
Find results for a specific participant. Begin typing the name of a participant and make a selection from the auto-suggest list. Alternatively, click find next to the search field, or More Search Options at the bottom of the auto-suggest list, to open the Find Participants window. Use this window to select a participant; for more information, see Find Participants. |
|
Include ancestor domains
|
Select the check box to include access control rules from the ancestor domains of the selected domain.
|
Select your desired search criteria and click Search.
The Search Results table displays access control rules for the domain for all object types, states, and participants by default. The following columns are displayed the Search Results table:
|
Column Name
|
Description
|
|---|---|
|
Domain
|
The domain for which the access control rule is defined.
|
|
Context
|
The context of the domain.
|
|
Type
|
The object type to which the access control rule applies.
For more information about types, see Managing Types.
|
|
State
|
The state that an object must be in for the access control rule to apply. A rule with the state All applies to an object regardless of its state.
|
|
Participant
|
The user, group, organization, or role that the access control rule applies to.
Tooltips provide the following additional information about a participant:
• For users, user-defined groups, and organizations, the distinguished name stored in the LDAP directory service.
• For system groups that are associated with a shared team, the parentheses after the group name contain the shared team name.
• For all other system groups, the parentheses after the group name contain the context in which the group was created.
• For dynamic roles, the parentheses after the role name contain the type of role and the context where the role has been established. Dynamic roles are for organizations or context team roles.
• For pseudo roles, the role type is displayed. Pseudo roles are either Owner (meaning the pseudo-role that represents the owner of the object) or All (meaning the pseudo-role that represents all users).
|
|
Applies To
|
Specifies if the rule applies to the participant or all users except the participant.
|
|
Grant Permissions
|
Lists permissions granted to the participant.
|
|
Deny Permissions
|
Lists permissions that are denied to the participant.
|
|
Absolute Deny Permissions
|
Lists permissions that are absolutely denied to the participant.
|
Use Filter table to search these columns to limit the results.
 |
Right-click in the column headers to deselect and hide columns to modify the view with only the information you want to see.
|
The following actions can be performed from the Search Results table.
|
Action and Icon
|
Description
|
|---|---|
New  |
Opens the New Access Control Rule window to create a new rule for the selected domain.
|
Edit  |
Opens the Edit Access Control Rule window for the rule selected in the Search Results table. Only one rule can be selected for editing.
|
Delete  |
Deletes the rules selected in the Search Results table
|
View access control lists  |
Opens the View Access Control Lists window for the selected domain. For more information, see Viewing Access Control Lists.
|