Client Group ACLs
You use client group ACLs to identify the clients that have permission to join a particular client group. Once a client becomes a member of the group, it can produce or consume the document types in the can-publish and can-subscribe lists, and various logs controlled by the client group (the run-time actions available to the client group).
It is also possible to configure the granting of user rights on a per-message basis. For more information, see Using Access Labels.
The following figure illustrates how client group ACLs work.
How a Client Group Access Control List Works with SSL Clients
In the figure, three SSL-configured clients are shown attempting to join the client group "payroll," which has access to company payroll information. Each of these clients is identified both by a unique user DN and the DN of its certification authority.
Two ACLs are attached to this client group:
* An authenticator name ACL specifying that only clients with certificates signed by VeriSign are granted permission
* A user name ACL listing the four user DNs that are granted permission
Therefore, only clients with DNs satisfying both conditions (the top-most client) can join the client group "payroll." Other clients attempting to join this client group to access payroll information (such as the second and third clients from the top) are denied permission.
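The decision described above can be modeled as a small audit helper. This is an added illustration, not Broker code or a Broker API: the class and function names are hypothetical, all DNs are constructed sample values, and DN comparison is assumed to be a case-insensitive match on simple DNs without escaped commas.

```python
# Added illustration of the two-ACL join check; not part of webMethods Broker.

def normalize_dn(dn):
    """Canonicalize a simple DN (no escaped commas): trim and lowercase each RDN."""
    parts = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        parts.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(parts)

class ClientGroup:
    """Hypothetical model of a client group with both ACLs populated."""
    def __init__(self, name, authenticator_acl, user_acl):
        self.name = name
        self.authenticator_acl = {normalize_dn(d) for d in authenticator_acl}
        self.user_acl = {normalize_dn(d) for d in user_acl}

    def check_join(self, user_dn, issuer_dn):
        """Return (allowed, reasons); the client must satisfy both ACLs."""
        reasons = []
        if normalize_dn(issuer_dn) not in self.authenticator_acl:
            reasons.append("issuer not in authenticator name ACL")
        if normalize_dn(user_dn) not in self.user_acl:
            reasons.append("user DN not in user name ACL")
        return (not reasons, reasons)

# Constructed sample DNs (the figure's actual DNs are not reproduced here).
VERISIGN = "CN=VeriSign CA, O=VeriSign, C=US"
OTHER_CA = "CN=Example Internal CA, O=Example Corp, C=US"

PAYROLL = ClientGroup(
    "payroll",
    authenticator_acl=[VERISIGN],
    user_acl=[f"CN=payroll-user{i}, O=Example Corp, C=US" for i in range(1, 5)],
)

CLIENTS = [  # (user DN, issuer DN) for three SSL clients
    ("CN=payroll-user1, O=Example Corp, C=US", VERISIGN),  # passes both ACLs
    ("CN=payroll-user2, O=Example Corp, C=US", OTHER_CA),  # listed user, wrong CA
    ("CN=intern, O=Example Corp, C=US", VERISIGN),         # right CA, unlisted user
]

def audit(group, clients):
    """Evaluate each client and keep the denial reasons for review."""
    return [(user, *group.check_join(user, issuer)) for user, issuer in clients]

if __name__ == "__main__":
    for user, allowed, reasons in audit(PAYROLL, CLIENTS):
        print(f"{user}: {'ALLOW' if allowed else 'DENY'} {'; '.join(reasons)}")
```

Recording the reason for each denial makes it easier to tell an unexpected certification authority apart from an unlisted user when reviewing who can reach a sensitive group.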
The "available run-time actions" shown in the figure correspond to the document types selected for the can-publish, can-subscribe, log-publish, and log-acknowledge lists. For example, a client joining "payroll" automatically becomes a subscriber to the document type that summarizes company bonus data, assuming that this document type was selected for the payroll client group's can-subscribe list.
For a step-by-step description of modifying ACLs for client groups, see About Configuring Client Group ACLs. For additional information about client groups, refer to Managing Client Groups.