<!ELEMENT item-descriptor (descriptor-acl |
                           owner-property |
                           default-acl |
                           creation-base-acl |
                           creation-owner-acl-template |
                           creation-group-acl-template | property)*>

You should include one item-descriptor tag for each item descriptor in the underlying repository for which you want to specify access rights. Unlike the item-descriptor tag in the SQL repository, the item-descriptor tag in the secured repository has just one attribute, name, which must be the same as the name attribute in the underlying repository’s item-descriptor tag.

Example
<item-descriptor name="feature">
  <descriptor-acl value="..."/>
  <owner-property name="..."/>
  <acl-property name="..."/>
...
</item-descriptor>
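The naming rule above can be checked before deployment. The following is an added example, not code from the product or its documentation: it compares the item-descriptor names in a secured repository definition against the underlying definition. The root element names, the `PLACEHOLDER_ACL` value, the `owner` property name and exact (case-sensitive) name matching are assumptions made for the sample.

```python
import xml.etree.ElementTree as ET

# Constructed samples (not from the page); root names and values are assumptions.
UNDERLYING_XML = """
<gsa-template>
  <item-descriptor name="feature" default="true"/>
  <item-descriptor name="release"/>
</gsa-template>
"""

SECURED_XML = """
<secured-repository-template>
  <item-descriptor name="feature">
    <descriptor-acl value="PLACEHOLDER_ACL"/>
    <owner-property name="owner"/>
  </item-descriptor>
  <item-descriptor name="Feature" default="true">
    <descriptor-acl value="PLACEHOLDER_ACL"/>
  </item-descriptor>
</secured-repository-template>
"""


def descriptors(xml_text):
    """Return the item-descriptor elements found anywhere in a definition."""
    return list(ET.fromstring(xml_text).iter("item-descriptor"))


def check_secured_definition(secured_xml, underlying_xml):
    """Compare secured item descriptors against the underlying repository."""
    underlying = {d.get("name") for d in descriptors(underlying_xml)}
    secured = descriptors(secured_xml)
    report = {"unknown_name": [], "extra_attributes": [], "no_access_rights": []}
    for d in secured:
        name = d.get("name")
        # Assumption: "the same name" means an exact string match.
        if name not in underlying:
            report["unknown_name"].append(name)
        # The secured tag takes only the name attribute.
        extras = sorted(set(d.attrib) - {"name"})
        if extras:
            report["extra_attributes"].append((name, extras))
    # Underlying descriptors with no secured entry: no access rights given here.
    secured_names = {d.get("name") for d in secured}
    report["no_access_rights"] = sorted(underlying - secured_names)
    return report


if __name__ == "__main__":
    print(check_secured_definition(SECURED_XML, UNDERLYING_XML))
```
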