IBM WebSphere XML Document Management Server, Version 7.0

Granting node level authorization

Authorize user access to specific nodes within documents.

About this task

IBM® XDMS users can specify permissions at the node level within an XML document, using the rule ids read, write, delete and admin. To apply one of those rules to a single node, append the XPath to that node to the end of the rule id. The permission in the rule id, and its conditions, then apply only to the specified node of the document, and not to the entire document.

The following document would give user sip:xdms2@us.acme.com read access to the list coworkers and write access to the list friends in any document this ACL document authorizes.

<?xml version="1.0" encoding="UTF-8"?>
<ruleset xmlns="urn:ietf:params:xml:ns:common-policy">
	<rule id="read/resource-lists/list[@name=%22coworkers%22]">
		<conditions>
			<identity>
				<one id="sip:xdms2@us.acme.com" />
			</identity>
		</conditions>
		<actions />
		<transformations />
	</rule>
	<rule id="write/resource-lists/list[@name=%22friends%22]">
		<conditions>
			<identity>
				<one id="sip:xdms2@us.acme.com" />
			</identity>
		</conditions>
		<actions />
		<transformations />
	</rule>
</ruleset>
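
To review which identities hold which node-level permissions, an ACL document like the one above can be parsed and listed. The script below is an added example, not IBM code; it assumes the permission ends at the first "/" of the rule id and that the remainder is the percent-encoded XPath, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import unquote

NS = {"cp": "urn:ietf:params:xml:ns:common-policy"}
PERMISSIONS = ("read", "write", "delete", "admin")  # rule ids named on this page

# The ACL document from this page, embedded as bytes so the script runs offline.
SAMPLE_ACL = b"""<?xml version="1.0" encoding="UTF-8"?>
<ruleset xmlns="urn:ietf:params:xml:ns:common-policy">
  <rule id="read/resource-lists/list[@name=%22coworkers%22]">
    <conditions><identity><one id="sip:xdms2@us.acme.com" /></identity></conditions>
    <actions /><transformations />
  </rule>
  <rule id="write/resource-lists/list[@name=%22friends%22]">
    <conditions><identity><one id="sip:xdms2@us.acme.com" /></identity></conditions>
    <actions /><transformations />
  </rule>
</ruleset>"""


def split_rule_id(rule_id):
    """Return (permission, node_xpath); node_xpath is None for a document-wide rule.

    Assumption: the permission ends at the first "/" and the rest is the
    percent-encoded XPath (%22 decodes to a double quote).
    """
    permission, sep, path = rule_id.partition("/")
    if permission not in PERMISSIONS:
        raise ValueError(f"unrecognized permission in rule id: {rule_id!r}")
    return permission, ("/" + unquote(path)) if sep else None


def audit(acl_xml):
    """List (identity, permission, node_xpath) for every <one> in every rule."""
    # ElementTree suits ACL documents you control, not untrusted XML.
    root = ET.fromstring(acl_xml)
    grants = []
    for rule in root.findall("cp:rule", NS):
        permission, node = split_rule_id(rule.get("id", ""))
        for one in rule.findall("cp:conditions/cp:identity/cp:one", NS):
            grants.append((one.get("id"), permission, node))
    return grants


if __name__ == "__main__":
    for identity, permission, node in audit(SAMPLE_ACL):
        print(f"{identity}: {permission} on {node or 'ENTIRE DOCUMENT'}")
```

A grant whose node is reported as ENTIRE DOCUMENT comes from a rule id with no XPath appended, which is the case to check first when a rule was meant to be node-scoped.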



(C) Copyright IBM Corporation 2009. All Rights Reserved.