Channel Access Control List (nACL)

Channel Access Control

When connected to a Nirvana realm server ,with a reference to an nRealmNode object it is possible to get a reference to an nLeafNode that corresponds to a channel. This can then be used to get access the node's nACL . This object contains a list of nChannelACLEntry objects that represent a subject and a set permissions for various operations on a channel. There is a separate nChannelACLEntry object for each subject that has been permissioned on the nLeafNode.

You can also, add, delete and modify ACL entry objects.

In order to obtain a reference to the correct channel ACL object for a channel called "/products/prices", simply call the following method from a realm node:

nLeafNode chan = realm.findNode("/products/prices");
nACL acl = chan.getACLs();

Once you have the ACL object, you can then add, remove or modify acl entries:

nChannelACLEntry

To find a specific ACL entry from the channel ACL, the ACL object can be searched using the subject.

For example, to change the default permissions for the *@* subject (i.e. the default permission for the channel), the following code can be used:

nChannelACLEntry entry = acl.find("*@*");
entry.setFullPrivileges(false);
acl.replace(entry);
chan.setACLs(acl);

which would set the full privileges flag to false for the default subject.

Click here to see example of how to modify channel acls programatically or to see example of modifying ACLs using the enterprise manager.

For more information on the Nirvana Administration, please see the API documentation, and the administrator guide.