Assigning ACLs

Software AG Products 10.7 | Integrating On-Premises and Cloud Applications | Service Development | Assigning and Managing Permissions for Elements | Assigning ACLs

Assigning ACLs

You can assign an ACL to a package, folder, services, and other elements in the Package Navigator view. Assigning an ACL restricts or allows access to an element for a group of users.

Keep the following points in mind when assigning ACLs:

You can assign only one ACL per element.

You can only assign an ACL to an element for List, Read, or Write access if you are a member of that ACL. For example, if you want to allow DevTeam1 to edit the ProcessPO service, you must be a member of the DevTeam1 ACL. That is, your user name must be a member of a group that is in the Allowed list of the DevTeam1 ACL.

The ACLs assigned to an element are mutually exclusive; that is, an element can have different ACLs assigned for each level of access. For example, the following element has the Developers ACL assigned for Read access and the Administrators ACL assigned for Write access.

ACL usage is not required. For more information, see Is ACL Usage Required?.

To assign an ACL to an element

1. Make sure that the ACL you want to assign exists on the Integration Server. If not, create the ACL in the Integration Server Administrator. For details, see webMethods Integration Server Administrator’s Guide.

2. In Package Navigator view, select the package or folder to which you want to assign an ACL and select File > Properties. In the Properties for elementName dialog box, select Permissions.

3. On Permissions, select the ACLs that you want to assign for each level of access.

For this permission...	Specify...
List ACL	The ACL whose allowed member can see that the element exists and view the element’s metadata (such as input, output).
Read ACL	The ACL whose allowed member can view the source code and metadata of the element.
Write ACL	The ACL whose allowed member can lock, check out, edit, rename, and delete the element.
Execute ACL	The ACL whose allowed member can execute the service. This level of access only applies to services and web service descriptors.

4. Under Enforce execute ACL, specify when Integration Server performs ACL checking. Select one of the following:

Select...	To specify that...
When top-level service only	Integration Server performs ACL checking against the service when it is directly invoked from a client or DSP. For example, suppose a client invokes the OrderParts service on server A. After checking port access, server A checks the Execute ACL assigned to OrderParts to make sure the requesting user is allowed to run the service. It does not check the Execute ACL when other services invoke OrderParts.
Always	Integration Server performs ACL checking against the service when it is directly invoked from a client as well as when it is invoked from other services. For example, suppose the OrderParts service is invoked from a browser, as well as by the ProcessOrder and AddToDatabase services. If Always is set on OrderParts, the server performs ACL checking on OrderParts three times (once when it is invoked from the browser and twice when it is invoked by ProcessOrder and AddToDatabase).

5. Click OK.