# Licensed Materials - Property of IBM, 5724-E76, (C) Copyright IBM Corp. 2004 - All Rights reserved. # -------------------------------------------------------- # # Properties of the Access Control Data Management Service # # -------------------------------------------------------- # #DomainConfig part #Mandatory configuration #accessControlDataManagement.domain.rel.adminuser=uid=wpsadmin,o=defaultWIMFileBasedRealm #accessControlDataManagement.domain.rel.admingroup=cn=wpsadmins,o=defaultWIMFileBasedRealm #accessControlDataManagement.domain.cust.adminuser=uid=wpsadmin,o=defaultWIMFileBasedRealm #accessControlDataManagement.domain.cust.admingroup=cn=wpsadmins,o=defaultWIMFileBasedRealm #accessControlDataManagement.domain.comm.adminuser=uid=wpsadmin,o=defaultWIMFileBasedRealm #accessControlDataManagement.domain.comm.admingroup=cn=wpsadmins,o=defaultWIMFileBasedRealm #accessControlDataManagement.domain.jcr.adminuser=uid=wpsadmin,o=defaultWIMFileBasedRealm #accessControlDataManagement.domain.jcr.admingroup=cn=wpsadmins,o=defaultWIMFileBasedRealm # This setting determines if the group membership of groups is exploited at all by the # Portal Access Control Component. # Default: true #accessControlDataManagement.enableNestedGroups = true # This setting determines if the group membership of groups is exploited by the # Portal Access Control Component for permission enforcement on users / groups. # If this setting is false you can only get permissions on user groups via # roles on the groups / on users via roles on the direct groups the user is member # of. # Default: false #accessControlDataManagement.enableTargetResourceGroupInheritance = false # This setting determines if access control checks are done for the user first # or if the groups the user is in are checked first. # You should change this property if you give access to resources directly # to the users. # Default: false #accessControlDataManagement.checkUserFirst = false # This setting determins if the role name contains the unique name # or the title of the resource the role was created on. # IBM recommends to set this setting to true when you use # an external authorization provider (e.g. Tivoli Access Manager) # as the role names can be found easier. # Default: false #accessControlDataManagement.reorderRoleNames = false # # Settings for the AccessControlUserContext caching facility # # # This property activates the AccessControlUserContext based permission caching # # Default: true # #acuc.enableAccessControlUserContext=true # # This property activate WorkArea based caching of the AccessControlUserContext. # If WorkArea based caching is activated the following properties pre-fixed by acuc.workarea # can be used to configure the WorkArea partition used for the AccessControlUserContextCaching. # # Default: false # #acuc.enableWorkManager=false # The name of the workAreaPartition. Can be any name. # # Default: WPS_ACUC_PARTITION # #acuc.workarea.partitionName = WPS_ACUC_PARTITION # # The maximum number of bytes being sent by the partition when sharing data # with other processes/threads # # Default: 2048 # #acuc.workarea.maxSendSize = 2048 # # The maximum number of bytes being received by the partition when sharing data # with other processes/threads # # Default: 2048 # #acuc.workarea.maxReceiveSize = 2048 # # Defines whether the workarea partition is able to share data in both # directions (send and receive) # # Default: true # #acuc.workarea.bidirectional = true # # A performance relevant property. When set to true, it prevents the workarea from # immediate serialization of attributes stored in the workarea using a set() method. This # allows following get() calls to be served without deserialization of attributes. # # Default: true # #acuc.workarea.deferredAttributeSerialization = true # # The name of the PartitionManager of WAS. # Usually, you will not have to change this setting. # # Default: java:comp/websphere/WorkAreaPartitionManager # #acuc.workarea.partitionManagerName = java:comp/websphere/WorkAreaPartitionManager # # Overrides the value of columns "PRI_OWN_ACTIONS" from table RELEASE.RES_TYPE for all rows # Set value to -1 if the DB values should be used # #accessControlDataManagement.privateOwnerActions = 1151 # # List of virtual system resources. Those resources must not be deleted to get an empty portal. # # # #accessControlDataManagement.virtualSystemResources =wps.PORTAL@comm,wps.WEB_MODULES@comm,wps.URL_MAPPING_CONTEXTS@comm,wps.REMOTELY_ACCESSIBLE_PORTLETS@comm,wps.PORTLET_APPLICATIONS@comm,wps.CONTENT_NODES@comm,wps.TRANSFORMATION_APPLICATIONS@comm,wps.PSE_SOURCES@comm,wps.VP_URL_MAPPINGS@comm,wps.APPLICATION_ROLES@comm,wps.APPLICATION_ENTITIES@comm,wps.DESIGNER_DEPLOY_SERVICE@comm,wps.PORTAL@cust,wps.WEB_MODULES@cust,wps.URL_MAPPING_CONTEXTS@cust,wps.REMOTELY_ACCESSIBLE_PORTLETS@cust,wps.PORTLET_APPLICATIONS@cust,wps.CONTENT_NODES@cust,wps.TRANSFORMATION_APPLICATIONS@cust,wps.PSE_SOURCES@cust,wps.VP_URL_MAPPINGS@cust,wps.APPLICATION_ROLES@cust,wps.APPLICATION_ENTITIES@cust,wps.DESIGNER_DEPLOY_SERVICE@cust,wps.PORTAL@jcr,wps.WEB_MODULES@jcr,wps.URL_MAPPING_CONTEXTS@jcr,wps.REMOTELY_ACCESSIBLE_PORTLETS@jcr,wps.PORTLET_APPLICATIONS@jcr,wps.CONTENT_NODES@jcr,wps.TRANSFORMATION_APPLICATIONS@jcr,wps.PSE_SOURCES@jcr,wps.VP_URL_MAPPINGS@jcr,wps.APPLICATION_ROLES@jcr,wps.APPLICATION_ENTITIES@jcr,wps.DESIGNER_DEPLOY_SERVICE@jcr,ICM_CONTENT_REPOSITORY,ICM_CONTENT,wps.PORTAL_SETTINGS,wps.REMOTELY_ACCESSIBLE_PORTLETS,wps.EVENT_HANDLERS,wps.PORTLET_APPLICATIONS,wps.MARKUPS,wps.CONTENT_NODES,wps.ACTION_SETS,wps.TRANSFORMATION_APPLICATIONS,wps.PSE_SOURCES,wps.VP_URL_MAPPINGS,wps.APPLICATION_ROLES,wps.APPLICATION_ENTITIES,wps.USER_SELF_ENROLLMENT,wps.DESIGNER_DEPLOY_SERVICE,wps.XML_ACCESS