Building ACLs

Use this general process to build ACLs:

  1. Plan your ACL/role/user structure.
    • Identify all the users who need to be authorized to access your system.
    • Define any roles those users must belong to, and any roles that can have other roles as their members.
    • Determine which permissions should be granted to which users on which nodes.
  2. Issue User certificates for all the users who need to be authorized to access your system.
    Issue certificates to users before adding them to roles or ACLs. After you have added a user with the ACL/Role Manager, you cannot issue a certificate to that user.
    Issuing a certificate to a role has no effect.
    Do not issue certificates to roles. A certificate issued to a role would be shared by many users, which is inherently insecure and subverts system security.
  3. Add all the roles that you have defined.
  4. Modify roles as necessary to specify which roles belong to other roles.
  5. Modify users as necessary to specify to which roles and ACLs they belong.
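
The planning in step 1 can be checked on paper before anything is entered in the ACL/Role Manager. The following is an added example, not part of the product or its documentation: it models a plan, resolves nested roles, and lists users who still need a certificate before they are added (step 2). The data layout, the function names, the sample users, roles and node, and the rule that a role nested inside another role inherits that role's permissions are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Plan:
    users: set           # every user who needs access (step 1)
    certs_issued: set    # principals whose certificate is already issued (step 2)
    role_members: dict   # role -> direct members: user names or role names
    acls: dict           # node -> {user or role: set of permissions}

def expand_role(plan, role, path=()):
    """All users reachable through a role, following nested roles."""
    if role in path:
        raise ValueError("role cycle: " + " -> ".join(path + (role,)))
    found = set()
    for member in plan.role_members.get(role, ()):
        if member in plan.role_members:      # member is itself a role
            found |= expand_role(plan, member, path + (role,))
        else:
            found.add(member)
    return found

def effective_permissions(plan, user, node):
    """Union of permissions granted to the user directly or via any role."""
    perms = set()
    for principal, granted in plan.acls.get(node, {}).items():
        if principal == user or user in expand_role(plan, principal):
            perms |= granted
    return perms

def check_plan(plan):
    """Problems to resolve before users are added to roles or ACLs."""
    roles = set(plan.role_members)
    referenced = set()
    for role in roles:
        referenced |= expand_role(plan, role)
    for acl in plan.acls.values():
        referenced |= set(acl) - roles
    problems = [f"not in user list: {u}" for u in sorted(referenced - plan.users)]
    problems += [f"issue certificate before adding: {u}"
                 for u in sorted(plan.users - plan.certs_issued)]
    problems += [f"certificate issued to a role: {r}"
                 for r in sorted(plan.certs_issued & roles)]
    return problems

# Constructed sample plan; every name below is invented for this example.
PLAN = Plan(users={"alice", "bob", "carol"}, certs_issued={"alice", "carol"},
            role_members={"operators": {"alice", "bob", "admins"}, "admins": {"carol"}},
            acls={"node-a": {"operators": {"read"}, "admins": {"write"}}})
print(check_plan(PLAN))
```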