+

Search Tips   |   Advanced Search

Access control objects - Portal Access Control

The complete access control data for a resource is represented on the client by a PacList object. PAC stands for Portal Access Control. PacList objects are opaque, they cannot be manipulated directly. Instead, they are loaded into the PacList bean, which provides the operations to view and edit the objects. PacList objects are obtained from and written back using the Access bean. The access control data for a resource is split in similar data groups for several action sets. It is also referred to as role types. The term action set is used here, as it has the smaller potential for misinterpretation. The portal uses predefined action sets, which combine the actions for the following types of portal users.

Alternative names are documented in the help of the PacList bean.

For each action set, a list of principals are explicitly allowed to complete the corresponding actions. A principal is a group or user, which are specified by a name or distinguished name (DN). There are three special principals, which represent:

In addition to the list of principals, two flags control the implicit distribution of permissions through resource hierarchies.

Although the flags can be manipulated for each action set, they are ignored for security administrators and administrators. For these two action sets, inheritance and propagation are never blocked.

Parent topic: Portal Access Control