Access Control Permissions

Once you have defined your user groups, you can apply permissions to each group of users or to individual users. Locate the permissions heading in the security policy file and, after that heading, add a permissions declaration for each metaspace or space to which you want to control access. A permissions declaration has the following format:

<<metaspace name>|<space name>|<metaspace name>/<space name>> <<user name>|<group name>>=<permission>,...

where permission can be any of the following:

  • grant_all
  • deny_all
  • read
  • write
  • invoke
  • seeder
  • encrypt

For detailed information on the permissions, see User Access Control.

You can use a wildcard character (*) for the metaspace name or space name. A single wildcard character (*) can replace both the metaspace name and space name to designate that the permissions will apply to all metaspaces and all spaces. For example:

// Examples:
// domain1-ms1/* group1=read, seeder
// domain2-ms4/sp1 group2=write, encrypt
// */sp2 group1=write, invoke
//
permissions
ms/* group1=seeder,read,write,encrypt
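
The following is an added example, not part of the product or its documentation: a small Python check that parses declarations in the format above and flags unknown permission names and declarations that apply to all metaspaces and all spaces. It assumes that `//` starts a comment line (as in the sample above), that names contain no whitespace or `=`, that `*/*` is equivalent to a single `*`, and that the permissions section runs to the end of the file; the function names and the last two sample lines are constructed for illustration.

```python
import re

# Permission names listed on this page.
PERMISSIONS = {"grant_all", "deny_all", "read", "write", "invoke", "seeder", "encrypt"}
# <scope> <user or group>=<permission>,...  (assumption: names contain no whitespace or '=')
DECL = re.compile(r"^(\S+)\s+([^\s=]+)\s*=\s*(.+)$")

def parse_declaration(line):
    """Return (scope, principal, [permissions]) for one declaration line."""
    m = DECL.match(line.strip())
    if not m:
        raise ValueError(f"not a permissions declaration: {line!r}")
    scope, principal, perm_list = m.groups()
    perms = [p.strip() for p in perm_list.split(",")]
    unknown = [p for p in perms if p not in PERMISSIONS]
    if unknown:
        raise ValueError(f"unknown permission(s) {unknown}")
    return scope, principal, perms

def lint_permissions(policy_text):
    """Check declarations after the 'permissions' heading; return (entries, findings)."""
    # Assumption: the permissions section runs to the end of the text.
    entries, findings, in_section = [], [], False
    for n, raw in enumerate(policy_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("//"):
            continue  # blank line or comment
        if line == "permissions":
            in_section = True
            continue
        if not in_section:
            continue
        try:
            entry = parse_declaration(line)
        except ValueError as err:
            findings.append((n, str(err)))
            continue
        entries.append(entry)
        # Assumption: '*/*' is treated the same as a single '*'.
        if entry[0] in ("*", "*/*"):
            findings.append((n, "applies to all metaspaces and all spaces"))
    return entries, findings

# Constructed sample: the page's declaration plus two lines made up for the check.
SAMPLE = """permissions
ms/* group1=seeder,read,write,encrypt
* group2=read, invoke
ms/sp1 user1=read,execute
"""
```

Running `lint_permissions(SAMPLE)` reports the all-scope declaration on line 3 and the unrecognized `execute` permission on line 4, which makes it usable as a pre-deployment review step for policy file changes.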