Administer access control lists
We can allow or restrict specific users and groups from accessing protected resources by using access control lists (ACLs). We can do the following tasks with the administration API:
- Create and delete ACLs
- Retrieve or change information associated with an ACL
- List the user, group, any-other, and unauthenticated entries that are included in the ACL
- List all defined ACLs
The name of an ACL can be of any length. The following characters are allowed in an ACL name:
- Alphanumeric characters defined in the locale
- The underscore (_) character
- The hyphen (-) character
You can specify the following items:
- User entries that belong in each ACL
- Permissions or actions that each user is allowed to perform
- Permissions or actions that are based on group membership, rather than individual user identity, to expedite administration tasks
The administration API defines the PDAcl object to contain a retrieved ACL. We can use administration API classes and methods to extract information from the PDAcl object.
Be sure that you understand how to define an ACL policy before you use the administration API ACL methods. For more information, see the section about ACL entry syntax in the IBM Security Verify Access for Web: Administration Guide.
Table 1 describes the methods for administering ACLs.
| Methods | Description |
| --- | --- |
| PDAcl.createAcl | Create new ACL. |
| PDAcl.deleteAcl | Delete the specified ACL. |
| PDAcl constructor | Instantiate the specified ACL. |
| PDAcl object.getDescription | Returns the description of the specified ACL. |
| PDAcl object.getId | Returns the name of the specified ACL. |
| PDAcl.listAcls | Returns the names of all the defined ACLs. |
| PDAcl.setDescription, PDAcl object.setDescription | Sets or modifies the description for the specified ACL. |

For detailed reference information about these methods, see the Javadoc HTML documentation.
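The ACL naming rules stated earlier on this page (alphanumeric characters, underscore, hyphen) can be enforced on untrusted input before a name is handed to PDAcl.createAcl. The following Java class is an added example, not part of the product documentation or the administration API; the class name `AclNameCheck`, its `violations` method, the rejection of empty names, and the use of Unicode letter and digit classes in place of the locale definition are assumptions.

```java
import java.util.ArrayList;
import java.util.List;

// Added example: pre-checks a candidate ACL name against the character rules on this page.
public class AclNameCheck {

    // Returns one message per violation; an empty list means the name passes.
    static List<String> violations(String name) {
        List<String> found = new ArrayList<>();
        // Assumption: the page allows any length, but an empty name is treated as invalid here.
        if (name == null || name.isEmpty()) {
            found.add("name is empty");
            return found;
        }
        // Walk by code point so a supplementary character is judged as one character.
        for (int i = 0; i < name.length(); ) {
            int cp = name.codePointAt(i);
            // Assumption: Unicode letters and digits approximate
            // "alphanumeric characters defined in the locale".
            boolean allowed = Character.isLetterOrDigit(cp) || cp == '_' || cp == '-';
            if (!allowed) {
                found.add(String.format("U+%04X not allowed at index %d", cp, i));
            }
            i += Character.charCount(cp);
        }
        return found;
    }

    public static void main(String[] args) {
        // Constructed sample names, not taken from any real policy database.
        String[] samples = {
            "finance-readers_2024", "Pr\u00fcfung-acl", "web acl", "../default-root", ""
        };
        for (String s : samples) {
            List<String> v = violations(s);
            System.out.println((v.isEmpty() ? "OK     " : "REJECT ") + "\"" + s + "\" " + v);
        }
    }
}
```

Reporting the offending code point and index, rather than a bare pass or fail, lets the caller log exactly what was rejected when a name arrives from a form or script.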