Secured repositories provide the following control features:



Control access to repository item descriptors

Control who can create, add, remove, and query items defined by an item descriptor; similar to controlling access to a whole database table.

Control access to individual repository items

Control who can read, write, destroy, and query a repository item.; similar to controlling access to a single database row.

Control access to properties of all repository items in a repository item descriptor

Control who can read or write a property in any repository item defined by an item descriptor; similar to controlling access to a database table column.

A default ACL can be assigned to all items in the item descriptor that lack an explicit ACL.

Control access to properties of an individual repository item

Control who can read or write a particular property in a repository item; similar to controlling the field of a database table row.

An ACL that is assigned to a property overrides the ACL that is specified for that property in the item descriptor definition.

Limit query results

Control who can receive repository items that are returned by a repository query.

Set ownership of a repository item

At creation time, the current user is assigned as the owner of the new repository item. The owner can query a repository item and modify its ACL; otherwise this is simply an association of an identity to an Item.

Automatically generate ACLs for new repository items

When a repository item is created, it is assigned an ACL that is constructed out of an ACL fragment and a template for the creator/owner (creator) and each group the owner belongs to.

These features are configured according to the needs of your application. Some features require additional storage in the underlying repository, or can have a significant impact on performance (see Performance Considerations later in this chapter). Consequently, you should only enable those features that the application requires.

Access rights

Access to secured repositories is managed by building ACLs that associate certain access rights with certain identities—individual users, as well as groups, organizations, and roles that are associated with multiple users. The following table lists access rights that apply to the secured repository system.

Note: Not all access rights are available in all implementations or instances of a secured repository.


Access right


Create a repository item with an item descriptor.

Note: Adding a new item to the repository also requires WRITE access to the same RepositoryItemDescriptor.


Remove items of this RepositoryItemDescriptor type.

Note: Deleting an item also requires DESTROY access to that Item.


Remove the repository item from the repository and destroy its contents.

Note: Most secured repositories also require DELETE access to the item’s RepositoryItemDescriptor.


Query a repository item. LIST access is required in order for queries to return this repository item. An item’s owner implicitly has LIST access.


Enable read access to items of this RepositoryItemDescriptor type; or to the specified repository item; or to the specified item property.


Inspect the ACL of a repository item. This access right is implicitly granted to the repository item’s owner.


Inspect the owner of a repository item.


Enable addition of items of this RepositoryItemDescriptor type; or updates to the contents of the specified repository item or the specified item property.

Note: WRITE access to an item descriptor only enables addition of repository items; it does not allow updates to repository items.


Change the ACL of a repository item. This access right is implicitly granted to the repository item’s owner.


Change the owner of a repository item.

Note: Securing a repository does not provide complete security within an application: the unprotected repository that it overlays is still available within the Nucleus name space, so it remains available to developers. The Oracle ATG Web Commerce Control Center can be configured to hide unprotected repositories, and an application can choose not to use an unprotected repository, so as not to expose unprotected data to end users.