Use the allow:*:read and deny:*:read to grant permissions to groups or users as required. See
Access Levels and Permissions for more information.
The following list of default resource entities can be found under the
Common Web Administration resource class in the default
ESCWA security configuration:
- Configuration
- Provides access to reading and modifying configuration properties for the Common Web Administration server.
The subsequent resource entities relating to configuration are more specific versions of this entity.
Read, add, update, and delete permissions are queried, depending on the action you want to perform.
The ACL string for this resource entity:
allow:#DSAdmin group:update,add,delete;allow:*:read
- ESCWA Configuration
- Provides access to general configuration properties for the Common Web Administration server. Specific version of the configuration
entity which relates to the BasicConfig, TraceConfig, and AuditConfig sections of the
ESCWA configuration file.
The ACL string for this resource entity:
allow:#DSAdmin group:update,add,delete;allow:*:read
- Communications Server Log
- Provides access to Communications Server Log for the Common Web Administration server. Read permission is checked to see if
a user can view the communications log for the
ESCWA process.
The ACL string for this resource entity:
allow:#DSAdmin group:read
- Control
- Provides control of the Common Web Administration server. Execute permission is checked to see if a user can shutdown the
ESCWA process from an API, or view the list of current
ESCWA sessions.
The ACL string for this resource entity:
allow:#DSAdmin group:execute
- K8s Configuration
- Provides access to kubernetes configuration properties for the Common Web Administration server. Specific version of the Configuration
entity which relates to the K8sConfig section of the
ESCWA configuration file.
This is an optional part of the configuration file.
The ACL string for this resource entity:
allow:#DSAdmin group:update,add,delete;allow:*:read
- Logon
- Provides access control to any
ESCWA page preventing it from loading without specific user access. If access is not granted, the
ESCWA application still loads and the logon screen is displayed but any further page access is impossible, including any API access.
The ACL string for this resource entity:
allow:*:execute
[2]
- Mainframe Access Access
- Provides access to Mainframe functionality via the Common Web Administration server. Read permission is checked to see if
a user can view the
MAINFRAME tab in the
ESCWA user interface, and use any of the corresponding APIs relating to pages under this node.
The ACL string for this resource entity:
allow:*:read,update,add,delete,execute
- Managed Access
- Provides access to Managed functionality via the Common Web Administration server. Read permission is checked to see if a
user can view the
ES .NET tab in the
ESCWA user interface, and use any of the corresponding APIs relating to pages under this node.
The ACL string for this resource entity:
allow:*:read,update,add,delete,execute
- MFDS Configuration
- Provides access to the MFDS configuration properties for the Common Web Administration server. Specific version of the configuration
entity which relates to the MfdsList section of the
ESCWA configuration file.
The ACL string for this resource entity:
allow:#DSAdmin group:update,add,delete;allow:*:read
- Native Access
- Provides access to Native functionality via the Common Web Administration server. Read permission is checked to see if a user
can view the
NATIVE tab in the
ESCWA user interface, and use any of the corresponding APIs relating to pages under this node.
The ACL string for this resource entity:
allow:*:read,update,add,delete,execute
- Scale-out Configuration
- Provides access to scale-out configuration properties for the Common Web Administration server. Read permissions checked to
see if a user can install a PAC to a region. The Directory Server resources will then be checked for that user to see if they
can modify that region.
Specific version of the Configuration entity, which relates to the LogicalGroupList, SorList, and PacList sections of the
ESCWA configuration file.
The ACL string for this resource entity:
allow:#DSAdmin group:update,add,delete;allow:*:read
- Security Access
- Provides access to Security functionality via the Common Web Administration server. Read permission is checked to see if a
user can view the
SECURITY tab in the
ESCWA user interface, and use any of the corresponding APIs relating to pages under this node.
The ACL string for this resource entity:
allow:*:read,update,add,delete,execute
- Security Configuration
- Provides access to security configuration properties for the Common Web Administration server. Specific version of the configuration
entity which relates to the SecurityConfig and ESMList sections of the
ESCWA configuration file.
The ACL string for this resource entity:
allow:#DSAdmin group:update,add,delete;allow:*:read
- Server Configuration Access
- Provides access to Enterprise Server Administration Configuration functionality via the Common Web Administration server.
Read permissions is checked to see if a user can view the configuration spanner and dialog in the
ESCWA user interface, and use any of the corresponding APIs relating to this dialog.
The ACL string for this resource entity:
allow:*:read,update,add,delete,execute
- User Administration
- Provides access to user administration via the Common Web Administration server. Update permission is checked to see if a
user can administer a security manager.
Update permissions checked to see if a user can change the active security configuration used by
ESCWA.
The ACL string for this resource entity:
allow:#DSAdmin group:read,update,add,delete