Object hierarchy

Each administrative action that can be access-controlled (e.g. editing walk settings, creating accounts) can be thought of as an object. Some actions are broader than others and can be thought of as a superset, e.g. editing all profiles is a superset of editing a specific profile. Thus, access control objects are arranged in a tree-like hierarchy, where each object has a parent object, and can inherit permissions from it. This makes setting privileges on a logical group of objects (e.g. all profiles) easier, as only one object may need to be changed (the parent). Also, when new child members (e.g. new profiles) are created, they will inherit the same privileges automatically. The access control object hierarchy in the Search Appliance is as follows:

/                      Global root object
   Users/                 User accounts
      admin                  admin user
      ...                    other users
   Groups/                User groups
   Profiles/              Profiles
      default                default profile
      ...                    other profiles
   Settings/              Profile settings
   Maintenance/           System page
      Info/
      Updates/
      Logs/
      Settings/
         System Wide
         ACLs
         Thesaurus
         Save, Restore
         Mounts
      System/
         RAID

Note that these "files" do not really exist: the objects are merely symbols representing actions that can be access-controlled.


Copyright © Thunderstone Software     Last updated: Nov 8 2024
Copyright © 2024 Thunderstone Software LLC. All rights reserved.