Access control lists

Content Platform Tenant Management Help

Version: 9.7.x
Part Number: MK-95HCPH002-19

An access control list (ACL) grants permissions to perform operations on an individual object to specified users or groups of users. An ACL can be specified as either XML or JSON. You add, replace, or delete an ACL in its entirety. You cannot modify it in place.

An ACL contains up to one thousand access control entries (ACEs). Each ACE specifies one user or one group of users and the permissions granted to that user or group. In the ACL body, an ACE is represented by the grant entry.

Note: This book uses the term entry to refer to an XML element or the equivalent JSON object, and the term property to refer to an XML attribute or the equivalent JSON name/value pair.

When you specify an ACL for an object, you can grant only the permissions you already have. That is, you cannot use an ACL to grant permissions that exceed your own.
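A pre-submission check for the rules above (at most one thousand ACEs, one user or group per grant entry, no permission beyond the caller's own), as an added example that is not part of the HCP documentation. The JSON layout (grant, grantee, permissions), the permission names, and the lint_acl function are assumptions made for illustration; the sample ACL is constructed.

```python
import json

MAX_ACES = 1000  # limit stated on this page


def lint_acl(acl_json, caller_permissions):
    """Return a list of problems found in an ACL body before it is submitted."""
    problems = []
    # Assumed layout: {"grant": [{"grantee": {...}, "permissions": {"permission": [...]}}]}
    grants = json.loads(acl_json).get("grant", [])
    if isinstance(grants, dict):  # tolerate a single grant serialized without a list
        grants = [grants]
    if len(grants) > MAX_ACES:
        problems.append(f"{len(grants)} ACEs exceeds the limit of {MAX_ACES}")
    allowed = set(caller_permissions)
    for i, ace in enumerate(grants):
        grantee = ace.get("grantee") or {}
        name, kind = grantee.get("name"), grantee.get("type")
        # Each ACE names one user or one group of users.
        if not name or kind not in ("user", "group"):
            problems.append(f"grant[{i}]: needs one named user or group grantee")
        perms = (ace.get("permissions") or {}).get("permission", [])
        if isinstance(perms, str):
            perms = [perms]
        if not perms:
            problems.append(f"grant[{i}]: no permissions listed")
        # An ACL cannot grant permissions that exceed the caller's own.
        excess = sorted(set(perms) - allowed)
        if excess:
            problems.append(
                f"grant[{i}] ({name}): exceeds caller's permissions: {', '.join(excess)}")
    return problems


# Constructed sample; permission names are assumed placeholders.
SAMPLE_ACL = json.dumps({"grant": [
    {"grantee": {"type": "user", "name": "alice"},
     "permissions": {"permission": ["READ"]}},
    {"grantee": {"type": "group", "name": "auditors"},
     "permissions": {"permission": ["READ", "WRITE_ACL"]}},
    {"grantee": {"type": "role"}, "permissions": {"permission": []}},
]})

if __name__ == "__main__":
    for problem in lint_acl(SAMPLE_ACL, {"READ", "WRITE"}):
        print(problem)
```

Running the check client-side catches an over-broad or malformed ACL before the request is sent, since an ACL can only be replaced in its entirety.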

To add, replace, or delete an ACL, you use HTTP.

With HTTP, you use a GET request to retrieve an ACL for an object. With WebDAV, CIFS, and NFS, you view the ACL for an object in the acl.xml metafile.

HCP provides two predefined ACLs that you can specify when storing an object:

all_read: Allows any user, authenticated or anonymous, to view and retrieve the object.

auth_read: Allows any authenticated user to view and retrieve the object.

The use of ACLs is enabled on a per-namespace basis. In namespaces where ACLs are enabled, the namespace can be configured to either enforce or ignore the permissions granted by ACLs. To find out the ACL settings for a namespace, contact your tenant administrator.