Permissions in BEA AquaLogic Service Registry were developed so that administrators might exercise control over users. Permissions:
Provide a simple mechanism for the management of users' rights in BEA AquaLogic Service Registry.
Allow the administrator to manage or make available different parts of the registry to different users.
Help BEA AquaLogic Service Registry better reflect the real world where there are many roles with different responsibilities.
This chapter describes permissions in detail with some examples and a description of permission configuration.
Permission is defined as the right to perform an action on some interface. Put another way: permission is the ability to process some method on some interface. Permissions are very different from the other mechanism for rights in BEA AquaLogic Service Registry, the Access Control List.
Access Control enables the user to control access to the basic UDDI data structures (businessEntity, businessService, bindingTemplate, and tModel). Access Control on BEA AquaLogic Service Registry is provided by the Access Control List (ACL). The ACL is based on permissions given to a user or group. In the context of ACL, this means that a given user can access only that information in BEA AquaLogic Service Registry made available to the user by the registry administrator or other users. For more information about the Access Control List, see the Access Control chapter in the User's guide.
Access Control Lists limit the visibility of entities and so restrict the access to data in BEA AquaLogic Service Registry. Permissions on the other hand restrict access to interfaces. The ACLs restrain users by the restricting the visibility of UDDI structures. Permissions limit users through the visibility of interfaces.