Apply fine-grained access control: summary
A protective ACL placed on the junction object provides coarse-grained control over the back-end resources. The ACL provides a general overall coarse-grained set of permissions every individual resource accessed through the junction.
We can also provide fine-grained protection to the resources accessed through the junction by explicitly placing ACLs on individual resource objects or groups of objects. WebSEAL cannot automatically see and understand a back-end file system. We must inform WebSEAL of the back-end object space using a special application, called query_contents, that inventories the back-end Web space and reports the structure and contents to WebSEAL.
Steps
- Use the pdadmin utility to create a junction between WebSEAL and the back-end server.
- Copy the query_contents program to the back-end server.
- Apply ACL policy to appropriate objects in the object space revealed by the query_contents program.
Parent topic: WebSEAL junctions overview