Repository Services for the
Framework 
The repository service for ACLs manages permissions related to services.
In addition to ACLs for services, the repository framework also provides ACLs for resources. They ensure security by controlling the access of users to resources.
For more information, see Handling Security.
Service ACLs
Service ACLs enable repository services to assign service-specific permissions to users, groups, or roles. Service ACLs work just like standard framework ACLs (read, write, delete, and so on), and are maintained in the same way as standard ACLs, but the supported permissions are specific to particular services.
An
application can use the service access control lists (ACLs) to store
additional ACLs that define specific permissions for the application. For
example, the Knowledge Management subscription service defines a new
permission subscription
allowed and
uses the IAclService to store the access control
entries (ACEs) related to this permission.
When
the application starts up, the new application-specific permissions are
registered using the IResourceAclManager’s
addSupportedPermission() method. The service ACL’s IResourceAclManager is provided by the
IAclService’s
getAclManager()method. ACEs are created or modified by an
administrator, who uses the ACL editor.