ACL Management
ACL Management – Document Access Control
Purpose
The Access Control List (ACL) system is used to manage and enforce access permissions on documents. It ensures that only authorized users, groups, or roles can access and perform actions on specific documents.
How It Works
Each document is associated with an ACL that defines:
- Which roles can access the document.
- The level of permissions granted.
- Any specific access restrictions that apply.
Permission Types
| Permission | Description |
|---|---|
| Read | Allows users to view the document. |
| Write | Allows users to modify the document content, if applicable in the screen. |
| Delete | Allows users to delete the document, if applicable in the screen. |
Permission Inheritance
Documents may inherit permissions from higher-level entities, such as:
- Document Classifications
- Document types
When a document-specific ACL is configured, it may override or complement inherited permissions depending on the system configuration.
Default ACL Rules
Each document is automatically assigned a set of default ACL rules when it is created.
These default rules are mandatory and cannot be permanently removed from the document’s ACL configuration. However, they can be disabled when access restrictions are required.
This approach ensures that a baseline security model is always maintained while still providing flexibility to adapt access permissions to specific business needs.
Note: Disabled default ACL rules remain visible in the ACL configuration for auditability and can be re-enabled at any time by authorized users.
Access Validation Process
When a user attempts to access a document:
- The system identifies the user and their roles memberships.
- The document ACL is evaluated.
- Inherited permissions are considered.
- Access is granted or denied based on the applicable rules.
Search