Create the secured repository layer over this SQL repository. The secured repository’s XML definition file looks like this:

<!-- secured-test-repository.xml -->
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE secured-repository-template
 PUBLIC "-//Art Technology Group, Inc.//DTD Dynamo Security//EN"
 "http://www.atg.com/dtds/security/secured_repository_template_1.1.dtd">
<secured-repository-template>
 <item-descriptor name="test_items">

   <!-- The ACL that applies to the item view/descriptor -->
   <descriptor-acl value="Admin$role$administrators-group:
     read,write,create,delete;Admin$role$everyone-group:read"/>

   <!-- The property where the ownership is stored -->
   <owner-property name="item_owner"/>

   <!-- The property where ACL is stored in -->
   <acl-property name="item_acl"/>

   <!-- An ACL fragment that is assigned to all new items -->
   <creation-base-acl value="Admin$role$administrators-group:
      read,write,list,destroy,read_owner,write_owner,read_acl,write_acl;
      Admin$role$everyone-group:read,list"/>

   <!-- Access rights assigned to the owner when an item is created -->
   <creation-owner-acl-template value="$:read,write,list,destroy"/>

   <!-- Access rights assigned to all owner groups when an item is created.  
        WARNING: This feature can be dangerous. -->
   <creation-group-acl-template value="$:read,list"/>

   <property name="secured_property">
     <!-- The ACL that applies to this property across all repository items -->
     <descriptor-acl value="Admin$role$administrators-group:
        read,write;Admin$role$everyone-group:read"/>

     <!-- The name of the item property where this property's ACL is stored. -->
     <acl-property name="secured_property_acl"/>

     <!-- An ACL fragment assigned to this property when an item is created. -->
     <creation-base-acl value="Admin$role$administrators-group:read,write"/>

     <!-- Access rights assigned to the owner when an item is created -->
     <creation-owner-acl-template value="$:read,write"/>

     <!-- Access rights assigned to all owner groups when an item is created.  
          WARNING: This feature can be dangerous. -->
     <creation-group-acl-template value="$:read,write"/>

   </property>
 </item-descriptor>
</secured-repository-template>