ACE Summary (Sun Java System Calendar Server 6 2005Q4 Developer's Guide)

Sun Java System Calendar Server 6 2005Q4 Developer's Guide

ACE Summary

Here is a quick summary of the order of an ACE:

who ^ flags ^ how ^ grant

Where:

who = A string, type (str).
flags = One of the characters c, p, or a.
how = An access-string composed of one or more of the access control characters described earlier in Access Control Information.
grant = One of the characters g, or d

Extended Examples

Here are some examples of circumstances and how the ACE would be set in the acl parameter for the jdoe calendar:

To grant john read access to both components and calendar properties (acl=john a r g), and to grant susan write and delete access to components only (acl=susan c wd g), the entire command is:

set_calprops.wcap?id=${SESSIONID}
             &calid=jdoe&acl=john^a^r^g;susan^c^wd^g

To grant all users in a domain schedule, free-busy, and read access to a calendar (@domainname a sfr g), to grant owners write and delete access to components only (@@o c wd g), to grant owners self-administration rights, and schedule, free-busy, and read access to both components and calendar properties (@@o a zsfr g), to deny susan all access to both components and calendar properties (susan a zsfdwr d), and to grant read access to all users (@ c r g), the entire command is:

set_calprops.wcap?id=${SESSIONID}&calid=jdoe
                                 &acl=@domainname^a^sfr^g;
                                      @@o^c^wd^g;
                                      @@o^a^zsfr^g;
                                      susan^a^zfsdwr^d;
                                             @^c^r^g

Note –

An administrator can override the access control of all WCAP commands if he is logged in as administrator and the server configuration preference service.admin.calmaster.overrides.accesscontrol is set to “yes” in the ics.conf file.

Mapping User Interface Operations to ACL's

Table 6–1 Mapping User Interface Operations to ACL's


User Interface Operation	ACL Required	Example	Description
Delete Events and Todos	Modify Events and Todos, and Delete Components or, Delete Calendar	c^d^g or, a^d^g	To delete events or todos, you need modify permission, and either delete components or delete calendar permission.
Free-busy	Free-busy Components or Free-busy Calendar	c^f^g a^f^g	To view a free-busy representation of a calendar (the events and todos), you need free-busy components or free-busy calendar permission.
Modify Events and Todos	Read Events and Todos, and Write Components or, Write Calendar	c^w^g a^w^g	To modify components of a calendar (events and todos), you need read permission, and either write components or write calendar permission.
Read Events on a Calendar	Read Calendar	a^r^g	To read components, you must have read calendar permission. Note that read components permission (c^r^g) does not work.
Schedule (Invite)	Schedule Calendar	a^s^g	To invite someone, you need schedule calendar permission.
Subscribe	Read Properties	p^r^g	To subscribe to a calendar, you must have read properties permission.