About Define Access Controls Dialogs

Define Access Controls dialogs have common features and functions.

When you invoke an Access Control dialog, the details you see are tailored to the type of object you have selected, or in the case of Global or Backstop Access Controls, to the repository as a whole. However, the dialogs use a common layout and functionality.

Dialog Title

The title of the dialog identifies the object on which you are operating.

For example:
  • Define Access Controls for Global Access
  • Define Access Controls for Product Documentation (folder name)
  • Define Access Controls for Astoria_Help.ditamap
  • Define Access Controls for cs_AboutAccessControlDialogs.xml

Tabs

Tabs allow you to select what type of privileges to define:
  • General Privileges
  • Custom Attributes
  • Annotations
  • Roles

Capabilities Area

The Capabilities area is available on the General Privileges, Custom Attributes, and Annotations tabs, and uses a membership control list to specify what capabilities are available for granting privileges.

Two list boxes appear in this area, Available and Present. Capabilities that are not authorized appear in the Available list. To authorize privileges, select one or more capabilities from the Available list and add them to the Present list. To revoke privileges, select one or more capabilities from the Present list and remove them, which adds them back to the Available list.

Click How Authorized to examine if a user or group enjoys a capability on the selected object, and how they came to enjoy that capability. See Show How Authorized.

Click Toggle Inherit to disable or re-enable inheritance of a capabiity. Capabilities that can be inherited appear with a ^ following the capability name. See Toggling Inheritance of Access Controls.

Role Groups

The Role Groups area is available on the Roles tab, allowing you to select Roles defined in the repository and assign users or groups to that role for the selected object. See Assigning Role Membership.

Details Area

The Details area uses membership control lists to specify the Users and Groups to whom capabilities can be granted. These lists are populated when you select a capability name from the list above.
Tip: Using groups to grant privileges ensures consistent assignment of privileges. Use care when granting privileges using both groups and users, to avoid unexpected results resulting from staffing changes.

Users or groups who are not authorized for the capability appear in the Available list. To authorize users or groups, select one or more from the Available list and Add them to the Present list. To revoke authorization, select one or more from the Present list and remove them, which adds them back to the Available list.

Even though a capability has been added to the Capabilities area Present list, unless the Details area shows a group or user in the Present list, no privileges are actually granted on the object.

Inheritors

The Inheritors box displays users or groups who inherit a selected capability, and the ancestry of the inheritance.