Realm Access Control List (nACL)

Universal Messaging 10.1 | Administration Guide | Universal Messaging Administration API | Security | Realm Access Control List (nACL)

When you have connected to a realm, and have a reference to an nRealmNode object (see nRealmNode), you can access an the realm's acl object. This object contains a list of nRealmACLEntry objects that represent a subject and a set permissions for various operations on a realm.

You can also, add, delete and modify acl entry objects. To obtain the realm acl object, simply call the following method from a realm node:

Java, C#:

nACL acl = realm.getACLs();

C++:

nACL* acl = realm->getACLs();

nRealmACLEntry

Once you have the acl object, you can then add, remove or modify acl entries:

To find a specific acl entry from the realm acl, you can search the acl using the subject. For example, if I wished to change the default permissions for the *@* subject (i.e. the default permission for a realm), I could use the following code:

nRealmACLEntry entry = acl.find("Everyone");
entry.setFullPrivileges(false);
acl.replace(entry);
realm.setACLs(acl);

C++:

nRealmACLEntry* entry = acl->find("Everyone");
entry->setFullPrivileges(false);
acl->replace(entry);
realm->setACLs(acl);

which would set the full privileges flag to false for the default subject.

For more information on Universal Messaging Administration, please see the API documentation, and the Enterprise Manager Guide.