User Permissions

User permissions are stored in the access control list and determine the actions a user can perform on a destination. A user’s permissions are the union of the permissions granted explicitly to that user along with any permissions the user receives by belonging to a group.

When granting user permissions, you specify the user or group to whom you wish to grant the permission, the name of the destination, and the permission(s) to grant. Granting permissions is an action that is independent from both the authorization server parameter, and the secure property of the relevant destinations. The currently granted permissions are stored in the access control file, however, the server enforces them only if the authorization is enabled, and only for secure destinations.

Note: When setting permissions for users and groups defined externally, user and group names are case-sensitive. Make sure you use the correct case for the name when setting the permissions.

User permissions can only be granted by an administrator with the appropriate permissions described in Administrator Permissions.

You assign permissions either by specifying them in the acl.conf file, using the tibemsadmin tool, or by using the administration APIs. When setting user permissions, you can specify either explicit destination names or wildcard destination names. See Inheritance of User Permissions for more information on wildcard destination names and permissions.