About ACLs
ACLs control access to packages, folders, and other elements (such as services, document types, and specifications) at the group level. An ACL identifies groups that are allowed to access an element (Allowed Groups) and/or groups that are not allowed to access an element (Denied Groups). When identifying Allowed Groups and Denied Groups, you select from groups that you have previously defined.
There are four different kinds of access: List, Read, Write, and Execute.
List. Allows a user to see that an element exists. The element will be displayed on screens in Designer and Integration Server Administrator. List access also allows you to view an element's metadata.
Read. Allows a user to view the main source of an element through Designer and Integration Server Administrator.
Write. Allows a user to edit an element. This access also allows a user to delete or lock an element or to assign an ACL to it.
Execute. Allows a user to execute a service. This access also gives the user access to files the server serves, such as DSP and .htm files.
List, Read, and Write ACLs are used mostly during development by developers and, to some extent, by server administrators who need access to create, edit, and maintain services and other elements. Execute access is used extensively in production environments.
When a user tries to access an element, the server checks the appropriate ACL (List, Read, Write, or Execute) associated with the element.
You cannot assign an ACL to an element unless you are a member of that ACL. For example, if you want to allow DevTeam1 to update the OrderForm service, you must be a member of the DevTeam1 ACL. In other words, your user name must be a member of a group that is listed in the DevTeam1 ACL. Similarly, when you change an ACL assignment for an element, you must be a member of the existing ACL and a member of the ACL to which you are assigning the element.
The following table summarizes what the different access types mean for the different elements.
Type of access and allowed actions

| Element | List | Read | Write | Execute |
| --- | --- | --- | --- | --- |
| Package | See that the package exists. To see what the package contains, you must have List access to the elements themselves. This access is not inherited by other elements in the package. | N/A | N/A | N/A |
| Folder | See that the folder exists. Children will inherit List access if they do not have a specific access of their own. | Has no meaning for the folder itself. Children will inherit Read access if they do not have a specific access of their own. | Add an element to or delete an element from the folder. Change the ACL assignment for the folder. Children will inherit Write access if they do not have a specific access of their own. | Has no meaning for the folder itself. Children will inherit Execute access if they do not have a specific access of their own. |
| Services (includes Flow, Java, C, XSLT, Adapter services, and web service descriptor) | See that the service exists. In Designer, the service will be listed along with non-source information. | See the service's source in the Designer. | Edit, lock, unlock, and delete the service. Change the ACL assignment for the service. | Execute the service. |
| Specifications, Schemas, Flat File Schemas, Document Types, Adapter Notifications, Triggers | See that the element exists. | See that the element exists. For a trigger, see the defined conditions. | Edit, lock, unlock, and delete the element. Change the ACL assignment for the element. | N/A |
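The inheritance and assignment rules above can be checked with a small model when auditing who effectively holds which access. The following Python sketch is an added example, not Integration Server code or its API. It assumes that a Denied Groups match overrides an Allowed Groups match and that access is denied when no ACL resolves, and all names other than DevTeam1 and OrderForm are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class ACL:
    name: str
    allowed: frozenset
    denied: frozenset = frozenset()

    def permits(self, groups):
        # Assumption (not stated on this page): a Denied Groups match
        # overrides an Allowed Groups match.
        return bool(self.allowed & groups) and not (self.denied & groups)

@dataclass
class Element:
    name: str
    kind: str                      # "package", "folder", "service", ...
    parent: "Element | None" = None
    acls: dict = field(default_factory=dict)  # access type -> ACL

def effective_acl(element, access):
    """Return the element's own ACL for this access type, else the nearest folder's."""
    node = element
    while node is not None:
        if access in node.acls:
            return node.acls[access]
        # Only folders hand access down; a package's List ACL is not inherited.
        parent = node.parent
        node = parent if parent is not None and parent.kind == "folder" else None
    return None

def can_access(groups, element, access):
    acl = effective_acl(element, access)
    # Assumption: when no ACL resolves, this model denies.
    return acl is not None and acl.permits(groups)

def can_reassign(groups, element, access, new_acl):
    """Write access, plus membership in the existing and the target ACL."""
    existing = effective_acl(element, access)
    return (can_access(groups, element, "write")
            and (existing is None or existing.permits(groups))
            and new_acl.permits(groups))

# Constructed sample hierarchy (group, package and folder names are hypothetical).
DEV1 = ACL("DevTeam1", frozenset({"dev1"}), frozenset({"contractors"}))
DEV2 = ACL("DevTeam2", frozenset({"dev2"}))
PKG = Element("OrdersPkg", "package", acls={"list": DEV1})
FOLDER = Element("orders", "folder", PKG, {"write": DEV1, "execute": DEV1})
ORDER_FORM = Element("OrderForm", "service", FOLDER)
```

In this sample, OrderForm inherits Write and Execute from its folder but resolves no List ACL, because the package's List access does not pass down to its contents.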