User Access Policy

Class: User

Description: This access policy manages the policies associated with Adding/Editing/Deleting/Maintaining users within AAI.

Resource: domain/userid

  • Action: add

    If this action is not allowed for a particular user for a particular domain, they will not be able to add users. This is particularly relevant for the JAWS domain, since all users need to be added. In the case of eEM or LDAP, it just means the user will not be able to pre-add a user to a domain with default preferences.

    The resource name for this action is the domain name.

    Impact on Java Client UI: if the current user does not have the right to add users under any domain, the Add button to the right of the list of users on the User Management Panel will not appear.

  • Action: view

    If this action is not allowed for a particular user for a particular user (userid), the user (userid) will not be visible to the user at all.

    Impact on Java Client UI: The list of users on the User Management Panel will not include any users (userids) that the user does not have the privilege to see.

  • Action: edit

    If this action is not allowed for a particular user for a particular user (userid), they will not be able to edit the properties of the user (userid).

    Impact on Java Client UI: The Edit User dialog box will show up in read-only mode with a Close button instead of an OK/Cancel button.

  • Action: delete

    If this action is not allowed for a particular user for a particular user (userid), they will not be able to delete the user (userid).

    Impact on Java Client UI: When the user selects a user (userid) from the list of users that they do not have the authority to delete, the Delete button at the top of the list will disappear.

  • Action: disconnectSession

    If this action is not allowed for a particular user for a particular user (userid), they will not be able to teminate the session.

    Impact on Java Client UI: When the user selects a user (userid) from the list of users that they do not have the authority to disconnect, the Disconnect button at the top of the list will be greyed out.