You should include one item-descriptor tag for each item descriptor in the underlying repository for which you want to specify access rights. Unlike the item-descriptor tag in the SQL repository, the item-descriptor tag in the secured repository has just one attribute, name, which must be the same as the name attribute in the underlying repository’s item-descriptor tag.

<item-descriptor name="feature">
  <descriptor-acl value="..."/>
  <owner-property name="..."/>
  <acl-property name="..."/>
item-descriptor child tags

An item-descriptor tag can enclose the following child tags:

loading table of contents...