The /atg/userprofiling/security/ProfileOwnerPolicy component (class atg.userprofiling.security.ProfileOwnerPolicy) is a security policy designed for situations in which you want only the owner of a profile to be able to perform operations on that profile. The ProfileOwnerPolicy examines the supplied profile object to check that it matches the profile associated with the current session; it then appends the ACL with the owner of the profile.

This policy takes a method argument containing a profile object of type String or RepositoryItem.

By default, the ProfileOwnerPolicy looks for profile objects named pProfileId, Profile, profileId, and profile, in that order, and uses the first corresponding object that it finds. You can change these names by editing the value of the profileParameterNames property in the ProfileOwnerPolicy component.