You can assign ACL-based access rights to internal and external users. Assigning access rights adds or removes the user’s ID from the Access Control List (ACL) that belongs to every object and every property in the repository. In most cases you can set object access rights through the ACC and the Business Control Center. You can also set access rights for specific properties of objects, but the UIs do not support this option. To set access rights for a specific property, you must change the access rights defined for that property in the repository definition XML file.

For information on using the ACC to set access rights for objects such as scenarios and workflows, refer to the documentation for those objects (for example, Setting Up Security Access for Scenarios). For information on using ACLs to control access for ACC users, refer to Configuring Access Privileges in the ATG Platform Programming Guide.

For information on using access rights to secure access to assets within the Business Control Center, refer to the ATG Business Control Center Administration and Development Guide.

The basic types of access rights are as follows:


Controls the ability to create a new repository item with an item-descriptor. To add the new item to the repository, you must also have WRITE access to the item-descriptor.


Controls read only access to a repository item.


Controls the ability to add a repository item to a repository item-descriptor, or to change the contents of a repository item or a property in a repository item. If the WRITE access right is granted for a repository item-descriptor, it does not affect the ability to update a repository item, only the ability to add new items.


Controls the ability to query the repository for a specific repository item. If a user does not have LIST rights on a repository item, a query of the repository will not return that item. The item may still be available by asking for it specifically. Use the READ access right to control general access to the repository item.


Controls the ability to remove a repository item from a repository item descriptor. In order to delete an item you must also have DESTROY access for that item.


Controls the ability to remove a repository item from the repository, destroying its contents. Note that most Secured Repositories also require DELETE access on the repository item-descriptor.


Controls the ability to read who owns an item


Controls the ability to change the owner of an item.


Controls the ability to read the access control list for an item. This access right is automatically granted to the owner of a repository item.


Controls the ability to change the access control list of a repository item. This access right is automatically granted to the owner of a repository item.