For each item descriptor in the underlying repository that you want to secure, you must create a property that stores the ACL for that item. If you want to define an owner for an item type, you must also create a property that stores the owner’s name for items of that type. For example:

<item-descriptor name="cheese">
  <property name="country" data-type="string" />
  <property name="runniness" data-type="int" />
  <property name="ACL" data-type="string" />
  <property name="cheeseOwner" component-type="user" />
</item-descriptor>

Make sure that the ACL property has an appropriate data-type. The length of an ACL is limited by the space available in the property that stores it, and setting an ACL that is too long generates a repository exception. This problem is most likely to arise when you use the create-group-acl-template in the secured repository definition to define an ACL for the owner’s groups and the owner is a member of many groups.

You can avoid this problem by defining the ACL property as an array of strings, rather than a single string. The ACL is then stored as a collection of substrings, which are concatenated to form the ACL. For example:

<item-descriptor name="cheese">
  ...
  <table name="test_items_acls"
        type="multi"
        id-column-names="id"
        multi-column-name="index">
    <property name="ACL" column-names="acl" data-type="array"
              component-data-type="string">
      <attribute name="maxFragmentSize" value="254"/>
    </property>
  </table>
</item-descriptor>

The maxFragmentSize attribute defines the longest string that will be put in any array index. The default size is 254. You should set this value to the size of the string column in the database. For many databases, if you use a VARCHAR of unspecified length, then 254 will be the appropriate value.
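The fragment storage described above, sketched as an added Python illustration (not ATG code and not part of the original documentation). The ACL entry syntax and group names are constructed and the helper names are hypothetical. It shows an ACL that overflows a single 254-character column, its split into indexed fragments, and why the fragments must be concatenated in index order.

```python
# Added illustration; not ATG code. The ACL entry syntax below is constructed.
MAX_FRAGMENT_SIZE = 254  # same value as the maxFragmentSize attribute above


def build_group_acl(groups, rights="read,write"):
    """Constructed stand-in for an ACL that gains one entry per owner group."""
    return ";".join(f"{g}:{rights}" for g in groups)


def fits_single_column(acl, column_size=MAX_FRAGMENT_SIZE):
    """A single string property can hold the ACL only if it fits the column."""
    return len(acl) <= column_size


def fragment_acl(acl, max_fragment_size=MAX_FRAGMENT_SIZE):
    """Split the ACL into (index, fragment) rows, as a multi table stores it."""
    if max_fragment_size < 1:
        raise ValueError("max_fragment_size must be positive")
    return [(i // max_fragment_size, acl[i:i + max_fragment_size])
            for i in range(0, len(acl), max_fragment_size)]


def reassemble_acl(rows):
    """Concatenate fragments in index order to recover the ACL."""
    return "".join(fragment for _, fragment in sorted(rows))


# Constructed sample: an owner who belongs to 40 groups.
groups = [f"group-{n:02d}" for n in range(40)]
acl = build_group_acl(groups)
rows = fragment_acl(acl)
# The same fragments with their order reversed (simulates a lost index order).
misordered = list(enumerate(f for _, f in reversed(rows)))

if __name__ == "__main__":
    print("ACL length:", len(acl))
    print("fits one 254-char column:", fits_single_column(acl))
    print("fragment rows:", len(rows))
    print("in-order reassembly matches:", reassemble_acl(rows) == acl)
    print("misordered reassembly matches:", reassemble_acl(misordered) == acl)
```

A fragment boundary can fall in the middle of an ACL entry, so an individual row is not a usable ACL on its own; only the ordered concatenation is.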

These properties in the underlying repository will be identified in the secured repository’s definition file, using the following tags:

owner-property
acl-property

For example:

<acl-property name="ACL" />
<owner-property name="cheeseOwner" />
 