Database Reference
In-Depth Information
Managing ACLs
When resources or collections are added to the database, they start with an empty
ACL. Accordingly, only the Unix-style permissions are in effect. However, you may
add and remove ACEs to an ACL of a resource or collection at any time, providing
you have the appropriate permissions to do so.
Table 8-10
shows which users are per‐
mitted to modify the ACL of a collection or resource.
Table 8-10. Permissions to modify ACL
Action
Collection modification requirement
Resource modification requirement
Add, Update,
Remove ACE
Either:
Either:
•
Member of the
dba
group
•
Member of the
dba
group
•
Owner of the collection with write access on
the collection
•
Owner of the resource with write access on
the resource
The same tools described in
“Tools for Permission Management”
on page 151
for managing permissions also provide the facilities
for managing ACLs.
ACL management with the Java Admin Client
Once you've opened the Resource Properties dialog of the Java Admin Client, as
described in
“Permission Management with the Java Admin Client” on page 154
, you
can access the ACL for the resource. As order of ACEs in an ACL is significant, right-
clicking on an existing ACE allows you not only to modify that ACE or remove it, but
also to move it up or down in the ACL and to insert a new ACE before or after the
selection (
Figure 8-19
).
Search WWH ::
Custom Search