Access Control Properties

NXT 4 uses access control properties to define what a user can see, where the user can navigate, what the user can change, and other kinds of information. There are two kinds of access control properties — domain properties and allowances.

A domain is a list of nodes in the content hierarchy as presented by the server. The access control module converts domain properties from document ID lists to domain string syntax.

Allowances are Boolean properties accepting "yes" or "no" as valid values. The access control module does not convert allowances to domain string syntax.

Table 1 lists the default set of access control properties that control what the user can do.

Table 1. Access Control Properties

Domain Properties (the access control module converts these properties from document ID lists to domain string syntax)

| Property Name | Description |
| --- | --- |
| Metadata-Domain | Describes the nodes where the user can access metadata such as author name or abstracts. |
| Navigate-Domain | Describes the nodes where the user can navigate through the table of contents. |
| Element-Domain | Describes what elements (words and terms) the user can see in a word list. |
| Excerpts-Domain | Describes the nodes where the user can see document excerpts in a search results list. |
| Query-Domain | Describes the nodes where the user can query. |
| Content-Domain | Describes the nodes where the user can access document content. |
| Author-Domain | Describes the nodes where the user can modify (add, unlock, lock, or write) documents. |
| Editor-Domain | Describes the nodes where the user can edit (remove, commit, or rollback) documents. |

Allowances (the access control module does not convert these properties from document ID lists to domain string syntax)

| Property Name | Description |
| --- | --- |
| Allow-Admin-Access | Boolean value specifying whether this user has administrator rights. |
| Allow-Statistics | Boolean value specifying whether the server allows this user to view statistical information. |
| Allow-Syndication | Boolean value specifying whether the server allows this user to make requests to the Content Network Adapter. |
| Allow-Impersonation | Boolean value specifying whether the server allows this user to change access control user properties to those of another user. Users with Allow-Impersonation rights must also have Allow-Syndication rights. |
| Allow-User-Access | Boolean value specifying whether the server allows this user to log on through the Content Network Manager as a user, not an administrator. Once logged on, only the sites specified by the user's views are accessible. |

| Property Name | Description |
| --- | --- |
| ViewID-List | The list of IDs for the views that this user can access with these credentials. IDs must be separated by semicolons, with no space allowed. |
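
The constraints in Table 1 can be checked mechanically when reviewing user records. The following is an added example, not part of NXT or its documentation: it assumes each user's properties have been exported into a plain dictionary (a hypothetical format), treats only the exact strings "yes" and "no" as valid allowance values, and does not interpret domain string syntax.

```python
# Added example: lint one user's access control properties against Table 1.
# The dict input format is an assumption, not an NXT API.
ALLOWANCES = (
    "Allow-Admin-Access", "Allow-Statistics", "Allow-Syndication",
    "Allow-Impersonation", "Allow-User-Access",
)
# Allowances flagged for manual review whenever granted (reviewer's choice).
HIGH_PRIVILEGE = ("Allow-Admin-Access", "Allow-Impersonation")

SAMPLE_USERS = {  # constructed sample data, not real NXT records
    "editor1": {"Allow-Admin-Access": "no", "Allow-Syndication": "no",
                "Allow-Impersonation": "yes", "ViewID-List": "view1; view2"},
    "reader1": {"Allow-Admin-Access": "no", "Allow-Statistics": "true",
                "ViewID-List": "view1;view2"},
}


def audit_user(props):
    """Return a list of (severity, message) findings for one user."""
    findings = []
    # Allowances are Boolean: only "yes" or "no" are valid values.
    for name in ALLOWANCES:
        value = props.get(name)
        if value is not None and value not in ("yes", "no"):
            findings.append(("error", f"{name}: invalid value {value!r}"))
    # Users with Allow-Impersonation must also have Allow-Syndication.
    if (props.get("Allow-Impersonation") == "yes"
            and props.get("Allow-Syndication") != "yes"):
        findings.append(("error", "Allow-Impersonation granted without Allow-Syndication"))
    # Surface the most powerful allowances so a reviewer can confirm them.
    for name in HIGH_PRIVILEGE:
        if props.get(name) == "yes":
            findings.append(("review", f"{name} is granted"))
    # ViewID-List: IDs separated by semicolons, with no space allowed.
    views = props.get("ViewID-List")
    if views is not None:
        if any(ch.isspace() for ch in views):
            findings.append(("error", "ViewID-List contains whitespace"))
        # Assumption: a doubled or trailing semicolon (empty ID) is a mistake.
        if views and any(part.strip() == "" for part in views.split(";")):
            findings.append(("error", "ViewID-List contains an empty ID"))
    return findings


if __name__ == "__main__":
    for user, props in SAMPLE_USERS.items():
        print(user, audit_user(props))
```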

Domain properties are implicitly denied but explicitly allowed. That is, each level of access is denied unless the corresponding domain property is set. Domain properties are also independent, but the following hierarchical structure is suggested.

Figure 1. Hierarchical structure of domain properties

Values of Access Control Domain Properties

By default, when you create a user, you also create all access control domain properties with empty values, excluding the Excerpts-Domain property. During user creation, the Excerpts-Domain property is not created, and it does not restrict a domain of a KWIC application.

The following behavior of NXT is applicable to all access control domain properties, except the Excerpts-Domain property: