Apply fine-grained access control: summary

A protective ACL placed on the junction object provides coarse-grained control over the back-end resources. The ACL provides a general overall coarse-grained set of permissions every individual resource accessed through the junction.

We can also provide fine-grained protection to the resources accessed through the junction by explicitly placing ACLs on individual resource objects or groups of objects. WebSEAL cannot automatically see and understand a back-end file system. We must inform WebSEAL of the back-end object space using a special application, called query_contents, that inventories the back-end Web space and reports the structure and contents to WebSEAL.

Steps

1. Use the pdadmin utility to create a junction between WebSEAL and the back-end server.
2. Copy the query_contents program to the back-end server.
3. Apply ACL policy to appropriate objects in the object space revealed by the query_contents program.

Parent topic: WebSEAL junctions overview