
SAS Namespace Types

AccessControlEntry


Subclass of AccessControl


Overview

The AccessControlEntry metadata type is used to define an access control directly on a resource. The access control is stored with the resource definition and is unique to that resource. That is, the AccessControlEntry (ACE) cannot be applied to another metadata object.

An ACE can specify permissions for both individual users and for groups. If a given identity is referenced more than once in the ACE, for example, both directly and by virtue of membership in one or more groups, the permission assigned directly to the identity will take precedence.

When the SAS Open Metadata Architecture authorization facility evaluates access controls, a permission assigned in an ACE will take precedence over a permission assigned in an AccessControlTemplate (ACT). A resource-specific access control also takes precedence over any inherited access controls and permissions assigned in the Repository ACT.
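
The precedence rules described above, modelled as an added Python example (not SAS code and not part of the original documentation). The Setting type, the effective function and the sample identities are hypothetical. Comparing identity directness before ACE versus ACT, ranking inherited controls ahead of the Repository ACT, and letting a deny win a tie are assumptions of this example, not statements from this page.

```python
from dataclasses import dataclass

# Lower rank wins. Resource-before-inherited/Repository-ACT and ACE-before-ACT
# come from the page; the rest of the ordering is this example's assumption.
SCOPE = {"resource": 0, "inherited": 1, "repository_act": 2}
SOURCE = {"ACE": 0, "ACT": 1}

@dataclass(frozen=True)
class Setting:
    scope: str       # key of SCOPE: where the control is defined
    source: str      # "ACE" (direct control) or "ACT" (template)
    identity: str    # user or group the permission is assigned to
    permission: str
    grant: bool      # True = grant, False = deny

def effective(settings, user, groups, permission):
    """Return (grant, winning Setting) for one user and permission, or (None, None)."""
    def rank(s):
        direct = 0 if s.identity == user else 1   # direct assignment beats group membership
        return (SCOPE[s.scope], direct, SOURCE[s.source])

    hits = [s for s in settings
            if s.permission == permission and (s.identity == user or s.identity in groups)]
    if not hits:
        return None, None
    best = min(map(rank, hits))
    tied = [s for s in hits if rank(s) == best]
    # Assumption: when equally ranked settings disagree, the deny wins.
    winner = next((s for s in tied if not s.grant), tied[0])
    return winner.grant, winner

# Constructed sample controls for one resource (all names are made up).
SAMPLE = [
    Setting("resource", "ACE", "Analysts", "ReadMetadata", True),
    Setting("resource", "ACE", "maria", "ReadMetadata", False),
    Setting("resource", "ACE", "Analysts", "WriteMetadata", True),
    Setting("resource", "ACT", "Analysts", "WriteMetadata", False),
    Setting("inherited", "ACE", "Analysts", "ReadMetadata", False),
    Setting("repository_act", "ACT", "PUBLIC", "Delete", False),
]

if __name__ == "__main__":
    for user, perm in [("maria", "ReadMetadata"), ("li", "ReadMetadata"),
                       ("li", "WriteMetadata"), ("li", "Delete")]:
        grant, why = effective(SAMPLE, user, {"Analysts", "PUBLIC"}, perm)
        print(f"{user:6} {perm:14} -> {grant}  decided by {why}")
```

Printing the winning setting alongside the decision makes it easy to see which control an access review would need to change.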

An ACE should not be explicitly created or deleted. ACEs are managed programmatically using the SAS Open Metadata Interface ISecurityAdmin method class, which is documented in the SAS 9.2 Open Metadata Interface: Reference and Usage. The ISecurityAdmin class provides methods for defining and managing direct access controls as well as access control templates.

Security Inheritance and Enforcement Rules

The following is a list of associations that are used to determine whether this object should inherit access controls from another object (inheritance) or whether the association is allowed for the object (enforcement). For more information about inheritance and enforcement rules, see the SAS 9.2 Intelligence Platform: Security Administration Guide.

Attributes

Inherited Attributes
Name, Id, Desc, MetadataCreated, MetadataUpdated, ChangeState, LockedBy, PublicType, UsageVersion

Associations

= indicates the resident side of an association, or where the association is persisted for cross-repository associations. If no resident side is indicated, this association may not cross repository boundaries.

| Name | Cardinality | Description | Associated Types |
| --- | --- | --- | --- |
| AssociatedCondition (Partner: OwningAccessControlEntry) | 0 to 1 | Expression used to conditionally grant a user or group access to a resource. | PermissionCondition |
| Identities (Partner: AccessControlEntries) | 0 to * | The identities associated to this access control entry. | Identity, IdentityGroup, Person |
| Permissions (Partner: AccessControlEntries) | 0 to * | The permissions that are granted or denied by this access control entry. | Permission |

Inherited Associations
AccessControls/Objects, AccessControlTemplates/AccessControlItems, Changes/Objects, CustomAssociations/OwningObject, Documents/Objects, Extensions/OwningObject, ExternalIdentities/OwningObject, Groups/Members, Implementors/ImplementedObjects, Keywords/Objects, LocalizedAttributes/AssociatedLocalizedObject, Notes/Objects, Objects/AccessControls, PrimaryPropertyGroup/AssociatedObject, Prompts/PromptEnabledObject, Properties/AssociatedObject, PropertySets/OwningObject, ReferencedObjects/AssociatedObjects, ResponsibleParties/Objects, SourceTransformations/TransformationSources, SpecSourceTransformations/SourceSpecifications, SpecTargetTransformations/TargetSpecifications, TargetTransformations/TransformationTargets, Timestamps/Objects, Trees/Members, TSObjectNamespace/TSObjects, UsedByPrototypes/UsingPrototype, UsingPrototype/UsedByPrototypes, Variables/AssociatedObject

Association Details

AssociatedCondition
     Cardinality:   0 to 1
     Partner:   OwningAccessControlEntry

Expression used to conditionally grant a user or group access to a resource. 

Associated Types:
PermissionCondition

Identities
     Cardinality:   0 to *
     Partner:   AccessControlEntries

The identities associated to this access control entry. 

Associated Types:
Identity   IdentityGroup   Person

Permissions
     Cardinality:   0 to *
     Partner:   AccessControlEntries

The permissions that are granted or denied by this access control entry. 

Associated Types:
Permission

