Administration Guide : Security settings : About Access Control Lists
About Access Control Lists
Xinet software uses Access Control Lists (ACLs) to control who has access to AFP volumes (High-Res, FPO and/or WEB Access) and to items in Xinet itself. If you establish custom ACLs, afterwards, you’ll need to go back to other places in the GUI to apply them:
AFP volume access restrictions are described in the section, Creating a new System Volume.
Access as nativeadmin (a special case of Xinet end-user access) is discussed in Setting nativeadmin Access Control
The Access Control Admin dialog discussed in this chapter allows you to create custom ACLs. You may also use it to edit and delete existing ACLs. The ACLs you set up using this nativeadmin page may be applied in either of the instances mentioned above.
An ACL can be composed of any the following:
Individual user accounts
Particular AppleTalk networks
Particular IP addresses, hostnames or IP subnets
Previously defined ACLs
When setting up ACLs, keep the following guidelines in mind:
An ACL must contain at least one network address, user account, or collection of other ACLs in order to limit access.
If you have network addresses and users in the same ACL, then a user must match both to gain access.
If you have a list of only user names or only network addresses, then a user need only match one of them for access.
ACLs can be used to control the following features:
Which users can run the xinet ADMINISTRATION view
Which users can access High-Res, FPO, or Web views of particular AppleShare volumes
Browser access to Xinet sites
There are many reasons why you might want to make use of ACLs. For example, you may want people who are doing photo retouching only to have access to the high-resolution version of a volume. Likewise, you might want people who are doing lay-out work only to have access to the FPO views of a volume. In this way, you can help avoid confusion about which version of an image people use. You might also want to restrict printing to specific queues by setting up ACLs for particular hot folders.