Creating an ACL template
An access control list (ACL) template is a set of authorizations that are not associated with any system object.
Each entry in the ACL template grants permissions to a role based on individual system or command authorizations or an authorization profile. ACL templates let you set up complex access control lists that you can use repeatedly. You can use an ACL template in the following contexts:
- Granting default permissions to any system object created by a role (see Creating roles).
- Granting permissions for an individual system object (see Defining permissions for a system object).
- Updating permissions for a group of system objects (see Updating permissions for one or more system objects).
- Defining another ACL template.
When you define entries in an ACL template, you can assign authorizations to a special role called Current Role. This role grants permissions to the current role when that role creates an object. To use this functionality, you must designate the ACL template containing the Current Role authorizations as the object permissions template for a role (see Creating roles). After being assigned to a role, each Current Role authorization is automatically translated into permissions for that action for the current role. For example:
- You create an ACL template that grants AuditJob.* to Current Role.
- You specify the ACL template as the object permissions template for a role.
- That role creates an Audit Job. The role is automatically granted the AuditJob.* permission for the job.
You can also use the Current Role functionality when assigning object-based permissions. If you assign an ACL template containing Current Role authorizations to an object and the ACL template contains a Current Role authorization for the type of object you are defining, your current role automatically receives that authorization for the current object. Using Current Role authorizations in an ACL template is an easy way to give the creator of an object permission to use that object without having to revise an ACL template for each role.
Use the following procedure to create an ACL template. Alternatively, you can copy and paste an existing ACL template and then modify the properties of the copied template. See Modifying ACL templates.
To create an ACL template
- In the RBAC Manager folder, select ACL Templates.
- Create a new ACL template by right-clicking and selecting New > ACL Template from the pop-up menu. The Create New ACL Template wizard appears.
- Provide information for the ACL template as described in the following topics:
- To close the wizard and save changes, click Finish at any time. To close the ACL Template Properties window and save changes, click OK.