Adding an Explicit Grant or Denial

  1. Open the object that you want to protect or make available.
  2. On the Authorizationthen selectBasic tab, locate the user or group that you want to assign an explicit control to. If the user or group is not listed, click the plus icon to open the Add Identities window.
    Note: An explicit grant of the ReadMetadata permission is automatically set for each identity that you add.
  3. Click a cell and make a selection from the drop-down list.
    Note: If the selected identity is unrestricted, all permissions are granted and you cannot make changes.
    Note: When you click outside the cell, the yellow diamond that indicates an explicit control is displayed in the cell that you updated.
  4. If you changed the access for a group, review the impact on all of the listed identities.
    Note: This is important because controls that you add for a group can affect access for all members of that group. For example, an explicit denial that you add for the PUBLIC group blocks access for all restricted users, unless there are also explicit (or direct ACT) grants. You must offset a broad explicit denial with explicit (or direct ACT) grants for any restricted identities whose access you want to preserve.
  5. In the toolbar at the top of the tab, click the save icon.
Tip
It is easy to add explicit grants and denials on each object that you want to protect or make available. However, adding a large number of individual access controls can make access control management unnecessarily cumbersome.