Monday, February 21, 2011

Access List and Default Item Access List (DIAL) - FileNet CS

Access List [This is the list which governs the access of a user to specific objects]

Although an access list can control access on a user-by-user basis, the lists would become long and difficult to maintain if they listed all possible users by name. For ease of implementing access control, the library system allows assigning access rights to groups, because groups contain sets of users who have common access requirements.

Because a user may belong to more than one group in a library system, access control is determined by a user's active group, that is, the group in which a user is currently working. Thus, when users change their active group, their access rights to objects also change accordingly. Using groups to control access greatly simplifies security. Suppose, for example, that there are seventy users in a library system, but these users all fall into three work groups: employees, supervisors, and a personnel department. Since there are also three groups with those same names, the access list for a document that corresponds to an employee's personnel record would need only three entries (one for each group), rather than seventy (one for each individual user). If groups are created to match the way people work in an organization, their use in controlling access can ensure people will read and modify only the appropriate information.

An access list contains information about the users and groups who have been assigned specific access rights to a particular object. In CS Explorer, this information is displayed as Access Control object properties. Each Access Control object contains three pieces of information:
• The name of a user or a group
• The type of name
• The access rights granted
By default, a library system uses the following search pattern when determining a user’s access rights to a particular object and assigns the first access rights that apply:
1. Checks to see if the user is a member of the Administrators group.
2. Checks in the object's access list for an entry under the user name.
3. Checks in the object's access list for an entry under the user's active group.
4. Checks the access rights assigned to the General Users group, if included in the access list.
5. Assigns the user access rights of None.
Notice that this search pattern ensures that active members of the Administrators group always receive Admin access; thereafter, access rights specifically granted to a user take precedence over those granted to a group.

Default Item Access List [This list gets used when the user adds a document into CS]

Another way a library system can help users control access to their files is by inserting default entries in document access lists so that the user does not have to provide the same set of entries each time he or she adds a document.

You can specify a set of default item access list entries for each user in his or her User object. Then, each time that user adds a document to the library system from any user interface, the access list of the Item object is filled in with those specified defaults. Of course, to cover special cases, users can always change the access list of any documents they add, but they do not have to start from scratch with each document.
In the same way that you add entries to the default item access list in the User object, you can also specify them in Group objects and the System object.

Thus, the access lists of documents do not necessarily have a standard set of default entries. The library system does add default entries to the document's access list as the document is added, but to determine these defaults, the library system will check for entries in the Default Item Access List properties in the following objects and use the first such list with any entries:
1. The User object
2. The Group object for the user's active group
3. The System object
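
The two first-match lookups described in this post (the access-rights search pattern and the Default Item Access List search order), modeled as an added Python example. This is not FileNet CS code or API: the function names, the tuple layout, the "read"/"modify" rights labels and the sample entries are constructed for illustration, and step 1 is read as "the active group is Administrators", following the note about active members.

```python
# Hypothetical model of the two search orders in the post; not FileNet CS API.
ADMIN_GROUP = "Administrators"
GENERAL_GROUP = "General Users"

def _entry(access_list, name, name_type):
    """Return the rights of the first entry matching name and type, else None."""
    for entry_name, entry_type, rights in access_list:
        if entry_name == name and entry_type == name_type:
            return rights
    return None

def resolve_access(user, active_group, access_list):
    """Apply the five-step search pattern; the first rights that apply win."""
    # Step 1: active members of the Administrators group always get Admin.
    if active_group == ADMIN_GROUP:
        return "Admin"
    # Steps 2-4: user entry, then active-group entry, then General Users.
    for name, kind in ((user, "user"), (active_group, "group"),
                       (GENERAL_GROUP, "group")):
        rights = _entry(access_list, name, kind)
        if rights is not None:
            return rights
    # Step 5: nothing matched.
    return "None"

def default_item_access_list(user_dial, group_dial, system_dial):
    """Use the first DIAL that has any entries: User, active Group, System."""
    for dial in (user_dial, group_dial, system_dial):
        if dial:
            return list(dial)
    return []

# Constructed sample: access list of a personnel record (name, type, rights).
RECORD_ACL = [
    ("alice", "user", "read"),          # per-user entry
    ("personnel", "group", "modify"),
    ("supervisors", "group", "read"),
]

if __name__ == "__main__":
    # A user entry is found before the active-group entry, so alice gets
    # "read" even while working in the personnel group.
    print(resolve_access("alice", "personnel", RECORD_ACL))
    # Changing the active group changes the result for the same user.
    print(resolve_access("bob", "personnel", RECORD_ACL))
    print(resolve_access("bob", "supervisors", RECORD_ACL))
    # No user, group or General Users entry applies.
    print(resolve_access("carol", "employees", RECORD_ACL))
    # An empty User DIAL falls through to the active group's DIAL.
    print(default_item_access_list([], [("personnel", "group", "modify")], []))
```

When reviewing an access list, the case worth checking is a per-user entry that grants less or more than the user's groups do, since it is matched first and the group entries are never consulted.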

1 comment:

Web Scrape said...

Access list is a data structure containing entries that specify individual user or group rights to specific system objects such as programs, processes, or files, it also respect to a computer file system, is a list of permissions attached to an object. If a file has an Access List that contains give Alice permission to delete the file. Thanks a lot!