Controlling Access to Resources with ACLs
You can use Access Control Lists (ACLs) to control access to packages, folders, files, services and other elements that reside on the Integration Server. Specifically, you can control access to:
Services clients can invoke. You can control which groups (and therefore which users) can invoke a service. In addition to checking ACLs to determine whether a client can invoke a service, the server performs a number of port level checks. See
Controlling Access to Resources by
Port for a description of these checks and how you can configure the server to perform them.
Special tools such as the Integration Server Administrator, Designer, and replicator functions. These special abilities are granted by the Administrator, Developer, and Replicator ACLs that are provided with the
Integration Server.
Elements that developers can see and use. You can fine tune control over which developers have access to which packages, folders, and other elements. For example, one development group might have access to create, update, and maintain one set of services, while another development group has access to a different set. ACLs can prevent one development group from accidentally updating or damaging the work of another group.
Files the server can serve. The server can serve files (for example DSP and .htm files) that reside in the pub directory for a package or a subdirectory of the pub directory. You can control access to these files by assigning ACLs to them in .access files. See
Assigning ACLs to Files the Server Can
Serve for more information about making files available.
This section describes how to control access to resources using ACLs. To control access at the port level, see
Controlling Access to Resources by
Port.