Setting Access Permissions

Work with nearly all Registry record types can be limited by access permissions. Permission to list (find), view (get), update (save), delete, or create records can be allowed or denied. Permissions can be set per user or per group. The permissions aspect applies to Businesses, Services, Bindings, and Technical Models (tModels).

Access Permissions can only be set by authenticated users. Before you can work with them you need to have registered an account and logged in. You also need to have created basic entities to which the permissions aspect applies. It is also helpful to have groups to which you can apply access policies.

To Set Access Permissions...

  1. Navigate to the Permissions tab on the Edit page.

    1. Each major record type in the registry, namely Provider (Business), Service, Binding, and tModel, can be found in the left-hand navigation panel. Clicking on a terminating node will load the edit page for the record it represents. Provider, Service, and tModel nodes are identifiable by name in their default language. Bindings are identifiable by URL.

      Identify the record for which you wish to set up or modify access control and click its node.

    2. The Permissions tab is usually the bottom-most of the tabs on the right side of the page. The one exception is the Edit Business page where it is second from the bottom. Click this tab.

  2. Add users or groups to the Permissions table at the top of the page. This is a necessary step if this table is empty - that is, it contains the message "No permissions defined."

    1. In the Find users/groups control, select the radio button indicating whether you would like to add a user or a group to the policy set shown in the Permissions table.

      If you choose to search by user, select whether you would like the filter to work on the user's Login name or Full name.

    2. In the edit box of the Find users/groups control, enter all or part of the search string.

      The "%" wildcard can be used to create simple yet flexible search expressions. For example "%c%t" will return groups named "accounting" and "security".

      An empty edit box will return all visible records. This list may be very long.

    3. Click the Filter button. All visible records will be returned in a table below the Find users/groups control.

      Visible records means all group and user records that the currently authenticated user account has the right to find. For groups, this means all groups with public visibility, plus those with private visibility that the currently authenticated user owns or to which the user account belongs.

    4. Select the records in the filtered set that you wish to work with in the Permissions table.

      • To select one record, check the box to the left of its name.

      • To select all records, click the Select All button.

      • To clear selected records, click the Select None button.

      System Groups are special groups included within the registry. For sensitive registry entities their access control policies should be established in the Permissions set.

    5. When you are satisfied with the set of selected users or groups, click the Add selected groups/users button. All checked records will be added to the Permissions table.

  3. Modify policies for users and groups listed in the Permissions table. To set or modify the policy for a single record...

    1. Select a record to edit by clicking on its edit icon - the one that looks like paper and pencil. Drop down lists will load under each permission type.

    2. For each operation associated with the current entity, select whether calling it should be allowed, denied, or left not set for this group or user.

      Not set means that the policy will be inherited from the owning entity. This means a Binding will inherit the policy from its Service, and a Service from its Provider (Business). The default Not Set policy for Business and Technical Model top-level entities is that they should be visible (find and get are allowed) but not modifiable (save, delete, and create are denied).

    3. Click the update icon - the green check mark. The record will be updated. A green check indicates an allowed operation, a red check a denied one, a grey tick a policy that has been left not set.

  4. Click the Save changes button. Access Control List (ACL) changes will be written to the registry and will apply henceforth to the current Provider, Service, Binding, or Technical Model entity.
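
The Not set inheritance rule from step 3 can be checked when auditing which entity actually decides an operation. The following is an added example, not code from the registry product: it models the policy of a single user or group, assumes inheritance is evaluated per operation, and uses hypothetical class and function names with constructed sample records.

```python
# Added illustration; names are hypothetical, not a registry API.
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

OPERATIONS = ("find", "get", "save", "delete", "create")

# Default the page gives for top-level entities (Business, tModel) left Not set:
# visible (find/get allowed) but not modifiable (save/delete/create denied).
TOP_LEVEL_DEFAULT = {"find": True, "get": True,
                     "save": False, "delete": False, "create": False}


@dataclass
class Entity:
    name: str
    owner: Optional["Entity"] = None  # Binding -> Service -> Provider
    # True = allowed, False = denied, key absent = Not set
    policy: Dict[str, bool] = field(default_factory=dict)


def effective(entity: Entity, operation: str) -> Tuple[bool, str]:
    """Return (allowed, source); source names the entity that decided."""
    if operation not in OPERATIONS:
        raise ValueError(f"unknown operation: {operation}")
    node = entity
    while node is not None:
        if operation in node.policy:      # explicitly allowed or denied here
            return node.policy[operation], node.name
        node = node.owner                 # Not set: ask the owning entity
    # Nothing set anywhere up the chain: top-level default applies.
    return TOP_LEVEL_DEFAULT[operation], "default"


def effective_acl(entity: Entity) -> Dict[str, Tuple[bool, str]]:
    """Resolve every operation for one entity and one user or group."""
    return {op: effective(entity, op) for op in OPERATIONS}


# Constructed sample records for one group's policy.
provider = Entity("Provider", policy={"save": True})
service = Entity("Service", owner=provider, policy={"get": False})
binding = Entity("Binding", owner=service, policy={"delete": True})

if __name__ == "__main__":
    for op, (allowed, source) in effective_acl(binding).items():
        print(f"{op:7} {'allowed' if allowed else 'denied':8} (from {source})")
```

In the sample, the Binding's get is denied because of the setting on its Service and its save is allowed because of the setting on its Provider, which is why a change on a Provider should be reviewed against every record beneath it.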