(Quick Reference)

7 ACL Management - Reference Documentation

Authors: Burt Beckwith

Version: 1.0-RC3

7 ACL Management

ACL management should be done using the API exposed by AclService and AclUtilService. Both services have a much more intuitive and convenient high-level approach to managing ACLs, ACEs, etc. The functionality in this plugin is to provide a CRUD interface for fine-grained ACL management.

The ACL menu is only available if the ACL plugin is installed.

7.1 AclClass Management

The default action for the AclClass controller is search. By default only the standard fields are available but this is customizable with the Scripts script - see the section on configuration for details.

The className field has an Ajax autocomplete to assist in finding instances. Leave the field empty to return all instances.

Searching is case-insensitive and the search string can appear anywhere in the field. Results are shown paginated in groups of 10 and you can click on the className column header to sort the results by that field:

AclClass Edit

After clicking through an AclClass you get to the edit page (there are no view pages):

You can update the name, and delete the instance if there aren't any associated AclObjectIdentity or AclEntry instances - by default there is no support for cascading.

You can also see the associated AclObjectIdentity instances (OIDs) or AclEntry instances.

AclClass Create

You can create new instances by going to /aclClass/create or by clicking the Create action in the Class menu under ACL.

7.2 AclSid Management

The default action for the AclSid controller is search. By default only the standard fields are available but this is customizable with the Scripts script - see the section on configuration for details.

The sid field has an Ajax autocomplete to assist in finding instances. Leave the field empty and principal set to Either to return all instances.

Results are shown paginated in groups of 10. The column headers are clickable and will sort the results by that field:

AclSid Edit

After clicking through to a sid you get to the edit page (there are no view pages):

You can update the name and whether it's a Principal sid or a Role sid, and delete the instance if there aren't any associated AclObjectIdentity or AclEntry instances - by default there is no support for cascading.

You can also see the associated AclObjectIdentity instances (OIDs) or AclEntry instances.

AclSid Create

You can create new instances by going to /aclSid/create or by clicking the Create action in the SID menu under ACL.

7.3 AclObjectIdentity Management

The default action for the AclObjectIdentity controller is search. By default only the standard fields are available but this is customizable with the Scripts script - see the section on configuration for details.

Leave all fields at their default values to return all instances.

Results are shown paginated in groups of 10 and you can click on any header to sort by that field:

AclObjectIdentity Edit

After clicking through to an AclObjectIdentity you get to the edit page (there are no view pages):

You can update any of the attributes, and can delete the instance if there aren't any associated AclEntry instances - by default there is no support for cascading.

You can also see the associated AclEntry instances.

AclObjectIdentity Create

You can create new instances by going to /aclObjectIdentity/create or by clicking the Create action in the OID menu under ACL.

7.4 AclEntry Management

The default action for the AclEntry controller is search. By default only the standard fields are available but this is customizable with the Scripts script - see the section on configuration for details.

Leave all fields at their default values to return all instances.