The secured repository features are provided through a Secured Repository Adapter that sits on top of an existing repository. Any repository can be secured by configuring an instance of a Secured Repository Adapter on top of the repository instance. Depending on the security features you want, you may have to add new properties to the underlying repository so that it can store access control information.
The secured repository provides the following access control features:
Access control on Repository Item Descriptors
The ability to control who can create, add, remove, and query items defined by an item descriptor. This is similar to access control of a whole table in a database.
Access control on individual Repository Items
The ability to control who can read, write, destroy, and query a repository item. This is similar to access control of a single row in a database.
Access control on properties of all Repository Items in a Repository Item Descriptor
The ability to control who can read or write a particular property in any repository item defined by an item descriptor. This is similar to control of a column in a database table. A default ACL may be assigned to all items in the item descriptor that do not have an explicit ACL.
Access control on properties of an individual Repository Item
The ability to control who can read or write a particular property in a repository item. This is similar to control of a field of a row in a database table. If an ACL is assigned to a property of an individual item and the item descriptor also defines an ACL for that property, the ACL on the item's property overrides the ACL defined in the item descriptor.
Limitation of query results
The ability to control who can receive certain repository items as results from a repository query.
Ownership of a Repository Item
At creation time, the current user is assigned as the owner of the new repository item. The owner has the implicit right to query a repository item and modify its ACL; otherwise, ownership is simply an association of an identity with an item.
Automatic generation of ACLs on new Repository Items
When a new repository item is created, it is assigned an ACL that is constructed from an ACL fragment and a template for the owner (creator) and for each group the owner (creator) is a member of.
All of these features are optional and can be configured according to the needs of your application. Some features require additional storage in the underlying repository, or may have a significant performance impact. To save space or improve performance, leave disabled any features you do not need. See Performance Considerations for more information about performance issues.
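The resolution rules listed above (default item ACL, item-level property override, implicit owner rights, query-result limitation, and ACL generation at creation) can be modelled in a few functions. This is an added conceptual example, not ATG code or the Secured Repository Adapter API: the class names, the right names such as `write_acl`, the dict-based ACL representation, and the deny-when-no-ACL behaviour are all assumptions made for illustration.

```python
# Conceptual model, not ATG's API or ACL syntax; every name here is hypothetical.
# An ACL is modelled as a dict mapping a principal name to a set of rights.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Descriptor:
    default_item_acl: dict                              # for items with no explicit ACL
    property_acls: dict = field(default_factory=dict)   # property -> ACL
    base_fragment: dict = field(default_factory=dict)   # ACL fragment for new items
    owner_template: frozenset = frozenset()             # rights given to the creator
    group_template: frozenset = frozenset()             # rights given to each creator group

@dataclass
class Item:
    owner: str
    acl: Optional[dict] = None
    property_acls: dict = field(default_factory=dict)   # per-item property ACLs

def create_item(desc, user, groups):
    """Record the owner and build the ACL from fragment + owner/group templates."""
    acl = {p: set(r) for p, r in desc.base_fragment.items()}
    acl.setdefault(user, set()).update(desc.owner_template)
    for g in groups:
        acl.setdefault(g, set()).update(desc.group_template)
    return Item(owner=user, acl=acl)

def granted(acl, user, groups, right):
    return any(right in acl.get(p, ()) for p in (user, *groups))

def can_access_item(desc, item, user, groups, right):
    # The owner implicitly may query the item and modify its ACL.
    if user == item.owner and right in ("query", "write_acl"):
        return True
    acl = item.acl if item.acl is not None else desc.default_item_acl
    return granted(acl, user, groups, right)

def can_access_property(desc, item, prop, user, groups, right):
    # The item's own property ACL overrides the descriptor-level property ACL.
    acl = item.property_acls.get(prop, desc.property_acls.get(prop))
    # Assumption: deny when neither level defines an ACL (the page does not say).
    return acl is not None and granted(acl, user, groups, right)

def filter_query(desc, items, user, groups):
    """Return only the items the caller is allowed to receive from a query."""
    return [i for i in items if can_access_item(desc, i, user, groups, "query")]
```

Checking each query result individually, as `filter_query` does, is the kind of per-item work behind the performance impact mentioned above.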