BusinessEvents: Access Control System Overview

The Access Control System manages the permissions to the users based on their roles. Using the access control system, the IT Administrator can restrict business users from accessing or modifying certain resources of a Decision Project.

Access control is role based. Thus, the users belonging to same role will have same access permissions. One user can play different roles in an organization, so the user's permissions are a unification of the permissions that each role the user belongs to gets.

By default, all permissions are denied. Each of the permissions must be grantedexplicitly. Permissions do not have hierarchies. The order in which permissionsare specified is irrelevant.

A role can have zero or more permissions. Each role is represented by a name.A Permission can have one Action and a resource for which the action applies. For example, an action could be Read, Write, or Send. A resource or entity could be arule, attribute, and so on. For example, you could specify Read permission for allattributes of a particular concept.

All of these ACL settings are specified in the

%rms.proejct.location%/%rms.project.name%/config/%rms.project.name

%.acl file as specified in the be-rms.tra file.