IBM WebSphere XML Document Management Server, Version 7.0

Granting a single identity admin access to a specific document

You can grant a single identity administrative access to a specific document in a user's home directory.

Before you begin
Preconditions:
  1. User John Doe (sip:john.doe@us.example.com) owns a buddy list document in his home directory with the following XCAP URI:
    • http://xdms.example.com:9080/services/resource-lists/users/sip:john.doe@us.example.com/buddylist.xml
  2. John has a friend Bob (sip:bob.cool@us.example.com) who would like admin access to John's buddy list.
About this task
In order for John to provide Bob access, John must create an authorization policy document that complies with the IETF common policy specification. The authorization policy document must look like this to provide administrative access to Bob.
<?xml version="1.0" encoding="UTF-8"?>
<ruleset xmlns="urn:ietf:params:xml:ns:common-policy">
	<rule id="admin">
		<conditions>
			<identity>
				<one id="sip:bob.cool@us.example.com" />
			</identity>
		</conditions>
	</rule>
</ruleset>

The authorization policy document must be created at the same XCAP URI as the original resource-lists document, except that the AUID is replaced with the access control list (ACL) AUID: com.ibm.resource-lists-acls.

http://xdms.example.com:9080/services/com.ibm.resource-lists-acls/users/sip:john.doe@us.example.com/buddylist.xml

This defines the authorization policy document that grants administrative access to Bob for the corresponding buddy list document that is stored in the resource-lists AUID.

Create or edit an XDM policy document and post it to the XDMS.

  1. Reach the command client by typing the following from the command line: cd was_root/installableApps/xdms/client/
    Note: was_root is the installation root directory for WebSphere® Application Server Network Deployment. By default, this directory is:
    • AIX /usr/IBM/WebSphere/AppServer
    • Linux /opt/IBM/WebSphere/AppServer
  2. Type the XCAP Put request.
    ./xcap_put.sh -user user_id -password password -filename file_name -content_type application/auth-policy+xml XCAP_URL
    For example, to put the preceding example to the XDMS server for xdms.example.com, type the following parameters on a single line:
    ./xcap_put.sh -user sip:john.doe@us.example.com -password password -filename samples/AuthPolicyBobAdmin.xml -content_type application/auth-policy+xml http://xdms.example.com:9080/services/com.ibm.resource-lists-acls/users/sip:john.doe@us.example.com/buddylist.xml
  3. Press Enter to send the request. The new policy document is put to the XDMS in the specified location – in this case, for the XCAP URI that corresponds to the authorization policy document that protects John's buddy list document.
What to do next
Policy documents can be retrieved or deleted using the XCAP Get and XCAP Delete commands.
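
The URI substitution and the single-identity policy described above, as an added example that is not part of the IBM documentation. It derives the ACL URI from a document URI and reviews a policy document to confirm that the admin rule names only individual identities. The function names, the AUID table and the variant with a domain-wide <many> condition are constructed for illustration, and treating rule id "admin" as the grant follows the page's example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

CP = "{urn:ietf:params:xml:ns:common-policy}"
# Only the AUID pair shown on the page; no other pairs are assumed.
ACL_AUID = {"resource-lists": "com.ibm.resource-lists-acls"}

def acl_uri(document_uri):
    """Same XCAP URI as the document, with the AUID swapped for its ACL AUID."""
    parts = urlsplit(document_uri)
    segs = parts.path.split("/")
    i = segs.index("services") + 1  # AUID follows the XCAP root used on the page
    if segs[i] not in ACL_AUID:
        raise ValueError(f"no ACL AUID known for {segs[i]!r}")
    segs[i] = ACL_AUID[segs[i]]
    return parts._replace(path="/".join(segs)).geturl()

def audit_admin(policy_xml):
    """Return (identities named by <one> in the admin rule, findings to review)."""
    root = ET.fromstring(policy_xml)  # stdlib parser; not hardened for hostile XML
    granted, findings = [], []
    for rule in root.iter(CP + "rule"):
        if rule.get("id") != "admin":
            continue
        identity = rule.find(f"{CP}conditions/{CP}identity")
        if identity is None:
            findings.append("admin rule has no <identity> condition")
            continue
        for child in identity:
            name = child.tag.replace(CP, "")
            if name == "one" and child.get("id"):
                granted.append(child.get("id"))
            else:
                findings.append(f"admin rule uses <{name}>, not a single identity")
    return granted, findings

# The page's policy document, then a constructed variant with a domain-wide match.
PAGE_POLICY = b"""<?xml version="1.0" encoding="UTF-8"?>
<ruleset xmlns="urn:ietf:params:xml:ns:common-policy"><rule id="admin"><conditions>
<identity><one id="sip:bob.cool@us.example.com" /></identity>
</conditions></rule></ruleset>"""
BROAD_POLICY = PAGE_POLICY.replace(
    b"</identity>", b'<many domain="us.example.com" /></identity>')

if __name__ == "__main__":
    print(acl_uri("http://xdms.example.com:9080/services/resource-lists/users/"
                  "sip:john.doe@us.example.com/buddylist.xml"))
    print(audit_admin(PAGE_POLICY))
    print(audit_admin(BROAD_POLICY))
```

An empty findings list means the admin rule grants access only to the identities returned in the first list.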



(C) Copyright IBM Corporation 2009. All Rights Reserved.