The /atg/userprofiling/security/ProfileOwnerPolicy
component (class atg.userprofiling.security.ProfileOwnerPolicy
) is a security policy designed for situations in which you want only the owner of a profile to be able to perform operations on that profile. The ProfileOwnerPolicy
examines the supplied profile object to check that it matches the profile associated with the current session; it then appends the ACL with the owner of the profile.
This policy takes a method argument containing a profile object of type String
or RepositoryItem
.
By default, the ProfileOwnerPolicy
looks for profile objects named pProfileId
, Profile
, profileId
, and profile
, in that order, and uses the first corresponding object that it finds. You can change these names by editing the value of the profileParameterNames
property in the ProfileOwnerPolicy
component.