Add an Explicit Grant or Denial

  1. Open the object that you want to protect or make available.
  2. From the drop-down menu, select Authorization. Locate the user or group that you want to assign an explicit control to. If the user or group is not listed, click the plus icon to open the Add Identities window.
    Note: An explicit grant of the ReadMetadata permission is automatically set for each identity that you add.
  3. Click a cell and make a selection from the list.
    Note: If the selected identity is unrestricted, all permissions are granted and you cannot make changes.
    Note: When you click outside the cell, the explicit control icon indicates an explicit control is displayed in the cell that you updated.
  4. If you changed the access for a group, review the impact on all of the listed identities.
    Note: Controls that you add for a group can affect access for all members of that group. For example, an explicit denial that you add for the PUBLIC group blocks access for all restricted users, unless there are also explicit (or direct ACT) grants. You must offset a broad explicit denial with explicit (or direct ACT) grants for any restricted identities whose access you want to preserve.
  5. Save your changes.
Tip
It is easy to add explicit grants and denials on each object that you want to protect or make available. However, adding a large number of individual access controls can make access control management cumbersome.