Client Group Access Control Lists (ACLs)
You use client group ACLs to prevent unauthorized clients from joining a client group. Before joining an ACL-protected client group, a client must supply its SSL identity (SSL distinguished name, or DN). The client's identity is then checked against any client group ACLs, which contain lists of authorized clients. If the client's identity matches an entry in an ACL, the client is granted permission to join the client group; if not, it is denied access.
Important:
Client group ACLs only work if basic authentication or SSL authentication has been configured for the client group's Broker Server, and is enabled.
To protect your Broker data with a client group ACL
1. Determine the document types and logs whose information should be restricted.
2. Add those document types and logs to the client group you plan to secure (make sure those document types and logs have not been listed in any non-ACL-protected client groups).
3. Decide which clients will have access to those documents and logs.
4. Add the basic authentication identities or the SSL identities of these clients to the client group ACL.
Important:
Always protect the admin client group with ACLs, or else any user can gain administrative access to any document type (see admin Client Group).
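The check in step 2 and the admin client group rule can be verified mechanically once the client group configuration is written down. The following is an added example, not Broker code or a Broker API: the `ClientGroup` layout, the `may_join` and `audit` helpers, and all sample group names, document types and DNs are assumptions made for illustration. Only the group name `admin` comes from this page.

```python
# Added example. The inventory layout is hypothetical, not a Broker export format.
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

@dataclass(frozen=True)
class ClientGroup:
    name: str
    document_types: FrozenSet[str]
    acl: Optional[FrozenSet[str]] = None  # authorized identities; None = no ACL

def may_join(group: ClientGroup, identity: str) -> bool:
    """A client joins an ACL-protected group only if its identity is listed."""
    return group.acl is None or identity in group.acl

def audit(groups: List[ClientGroup], restricted: FrozenSet[str]) -> List[Tuple]:
    """Flag an unprotected admin group and restricted document types that are
    also listed in a client group without an ACL (step 2 of the procedure)."""
    findings = []
    for g in groups:
        if g.acl is not None:
            continue
        if g.name == "admin":
            findings.append(("admin-unprotected", g.name, None))
        for doc in sorted(g.document_types & restricted):
            findings.append(("restricted-doc-exposed", g.name, doc))
    return findings

# Constructed sample data: group names, document types and DNs are made up.
RESTRICTED = frozenset({"Payroll::Salary"})
GROUPS = [
    ClientGroup("admin", frozenset()),
    ClientGroup("payroll", frozenset({"Payroll::Salary"}),
                acl=frozenset({"CN=payroll-app,O=Example"})),
    ClientGroup("reporting", frozenset({"Orders::New", "Payroll::Salary"})),
]

if __name__ == "__main__":
    for kind, group, doc in audit(GROUPS, RESTRICTED):
        print(kind, group, doc or "")
```

In the sample data, the ACL on `payroll` does not protect `Payroll::Salary`, because the same document type is also listed in the unprotected `reporting` group.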