Examining and adjusting an access control list using Java™
You examine and adjust the access control list (ACL) of a database through the following classes:
- Database contains an ACL property (getACL method) for accessing an ACL object; a CurrentAccessLevel property (getCurrentAccessLevel) for determining the current user's access level; grantAccess, revokeAccess, queryAccess, queryAccessPrivileges, and queryAccessRoles methods for creating, removing, and checking ACL entries; and a Managers property for getting the names of users with Manager access.
- ACL contains getEntry, getFirstEntry, and getNextEntry methods for accessing ACL entries; a createACLEntry method for creating ACL entries and a removeACLEntry method for removing ACL entries; a Roles property (getRoles method) and addRole, deleteRole, and renameRole methods for accessing roles; a Parent property (getParent method); an InternetLevel property (getInternetLevel and setInternetLevel methods) to examine and adjust the maximum Internet level; a UniformAccess property (isUniformAccess and setUniformAccess methods) to enforce, or not enforce, a consistent ACL across all replicas of a database; AdministrationServer (getAdministrationServer and setAdministrationServer methods), IsAdminNames (isAdminNames and setAdminNames methods), and IsAdminReaderAuthor (isAdminReaderAuthor and setAdminReaderAuthor methods) properties to work with administration servers; and IsExtendedAccess (isExtendedAccess and setExtendedAccess methods) to enable extended access.
- ACLEntry contains IsAdminReaderAuthor (isAdminReaderAuthor and setAdminReaderAuthor methods), IsAdminServer (isAdminServer and setAdminServer methods), IsCanCreateDocuments (isCanCreateDocuments and setCanCreateDocuments methods), IsCanCreateLSOrJavaAgent (isCanCreateLSOrJavaAgent and setCanCreateLSOrJavaAgent methods), IsCanCreatePersonalAgent (isCanCreatePersonalAgent and setCanCreatePersonalAgent methods), IsCanCreatePersonalFolder (isCanCreatePersonalFolder and setCanCreatePersonalFolder methods), IsCanCreateSharedFolder (isCanCreateSharedFolder and setCanCreateSharedFolder methods), IsCanDeleteDocuments (isCanDeleteDocuments and setCanDeleteDocuments methods), IsCanReplicateOrCopyDocuments (isCanReplicateOrCopyDocuments and setCanReplicateOrCopyDocuments methods), Level, IsGroup (isGroup and setGroup methods), IsPerson (isPerson and setPerson methods), IsServer (isServer and setServer methods), Name (getName and setName methods), NameObject (getNameObject method), Parent (getParent method), and UserType (getUserType and setUserType methods) properties for examining and adjusting an ACL entry; a remove method for removing an entry; a Roles property (getRoles method) and isRoleEnabled, enableRole, and disableRole methods for associating ACL entries with roles; and IsPublicReader (isPublicReader and setPublicReader methods) and IsPublicWriter (isPublicWriter and setPublicWriter methods) properties for becoming public readers and writers.
The access levels used by the Level and InternetLevel properties are as follows:
- ACL.LEVEL_NOACCESS
- ACL.LEVEL_DEPOSITOR
- ACL.LEVEL_READER
- ACL.LEVEL_AUTHOR
- ACL.LEVEL_EDITOR
- ACL.LEVEL_DESIGNER
- ACL.LEVEL_MANAGER
The permissions properties apply to the access levels as shown in the following table. "Always" means the permission is always true at that access level; "never" means the permission is never true at that access level. "Def yes" means that the permission is true by default at that access level and can be adjusted. "Def no" means that the permission is false by default at that access level and can be adjusted.
Permissions | Manager | Designer | Editor | Author | Reader | Depositor | No access |
---|---|---|---|---|---|---|---|
CanCreateDocuments | Always | Always | Always | Def yes | Never | Always | Never |
CanCreateLSOrJava | Always | Def no | Def no | Def no | Def no | Never | Never |
CanCreatePersonalAgent | Always | Always | Def no | Def no | Def no | Never | Never |
CanCreatePersonalFolder | Always | Always | Def no | Def no | Def no | Never | Never |
CanCreateSharedFolder | Always | Always | Def no | Never | Never | Never | Never |
CanDeleteDocuments | Def yes | Def yes | Def yes | Def yes | Never | Never | Never |
PublicReader | Always | Always | Always | Always | Always | Def no | Def no |
PublicWriter | Always | Always | Always | Def no | Def no | Def no | Def no |
You must call the save method of ACL to write the changes you make to the ACL and its ACL entries to permanent storage. Otherwise, the changes are lost when your program exits.
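The following is an added example, not code from the product documentation: a standalone audit that walks the ACL with getFirstEntry and getNextEntry, tightens over-permissive settings, and persists the result with save. The database path `example.nsf`, the class name `AclAudit`, and the policy thresholds (Reader as the ceiling for `-Default-` and `Anonymous`, Editor as the ceiling for the Internet level, no delete right for Authors) are assumptions chosen for illustration; it also assumes a local Notes or Domino runtime is installed.

```java
import lotus.domino.*;

// Added example. Assumed policy: -Default- and Anonymous at most Reader,
// Internet level at most Editor, and no delete right for Author entries
// (CanDeleteDocuments is "Def yes" at Author, so it must be switched off explicitly).
public class AclAudit {
    public static void main(String[] args) throws NotesException {
        NotesThread.sinitThread();              // attach this thread to the Notes runtime
        try {
            Session session = NotesFactory.createSession();
            // "example.nsf" is a placeholder for a local database path.
            Database db = session.getDatabase("", "example.nsf");
            ACL acl = db.getACL();
            boolean changed = false;

            // The LEVEL_* constants increase from NOACCESS to MANAGER,
            // so a numeric comparison expresses "higher than".
            if (acl.getInternetLevel() > ACL.LEVEL_EDITOR) {
                acl.setInternetLevel(ACL.LEVEL_EDITOR);
                changed = true;
            }

            ACLEntry entry = acl.getFirstEntry();
            while (entry != null) {
                String name = entry.getName();
                int level = entry.getLevel();
                System.out.println(name + " level=" + level
                        + " delete=" + entry.isCanDeleteDocuments()
                        + " agents=" + entry.isCanCreateLSOrJavaAgent());

                boolean open = name.equals("-Default-") || name.equalsIgnoreCase("Anonymous");
                if (open && level > ACL.LEVEL_READER) {
                    entry.setLevel(ACL.LEVEL_READER);      // cap unauthenticated and default access
                    changed = true;
                } else if (level == ACL.LEVEL_AUTHOR && entry.isCanDeleteDocuments()) {
                    entry.setCanDeleteDocuments(false);    // override the "Def yes" default
                    changed = true;
                }
                entry = acl.getNextEntry(entry);
            }

            if (changed) {
                acl.save();   // without save, every change above is lost on exit
            }
        } finally {
            NotesThread.stermThread();          // detach from the Notes runtime
        }
    }
}
```

Running it requires at least Manager access to the database, since only a Manager can modify the ACL.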