Universal Messaging 10.7 | Administration Guide | Universal Messaging Enterprise Manager | Using ACLs for Role-Based Security | About Realm ACL Permissions
 
About Realm ACL Permissions
To perform operations within a realm, clients connecting to the realm must have the correct ACL (Access Control List) permissions. A realm ACL contains a list of subjects, which can be username and host pairs, or security groups, and what operations each subject can perform within the realm.
You can manage ACL permissions for a realm in the Enterprise Manager or by using the Universal Messaging Administration API. You can add, remove, and modify ACL entries, and view ACL permissions on the Security > ACL tab for a realm in the Enterprise Manager. A green check icon indicates the permissions given to each subject.
A subject in the ACL list can have the following permissions to perform operations on the realm:
*Manage ACL - Can get and manage the list of ACL entries.
Note:
This permission is a combination of two permissions at the Administration API level. The boolean setModify() API function allows or denies permission to change an ACL value, and the boolean setList() API function allows or denies permission to access the current list of ACLs. If both of these functions return the value true, Manage ACL is allowed, otherwise Manage ACL is not allowed. If the green check icon is displayed in the Manage ACL field, the corresponding two API functions for this field are set to true. You cannot modify the value of this permission in the Enterprise Manager.
*Full - Has complete access to the secured object.
*Access - Can connect to this realm.
*Configure - Can set run-time parameters on the realm.
*Channels - Can add and delete channels on the realm.
*Realm - Can add and remove realms from the realm.
*Admin API - Can use the nAdminAPI package.
*Manage DataGroups - Can add and remove data groups from the realm.
*Pub DataGroups - Can publish to data groups, including the default one, on the realm.
*Own DataGroups - Can add, delete, and publish to data groups even when they were not created by the user.
The green check icon shows that a subject is permitted to perform the operation. The minimum requirement for a client to use a realm is the Access permission. Without this permission for the default *@* subject, any Universal Messaging client whose subject does not appear in the ACL list cannot establish a session to the realm server.