Creating ACL Rules

When a Web application is part of a protected resource, it is accessible only through an ACL rule that has been configured to allow access to the Web application.

You can configure an ACL rule to provide access to multiple Web applications. Generally, however, you should create separate ACL rules for each Web application. If you inadvertently use the same ACL rule for Web applications in different packages, when a user purchases one of the packages he or she will also gain access to the Web applications in the other package. Although the user couldn't launch the unpurchased Web applications through OnDemand Services (because they won't appear in the Launch Item gadget), he or she could manipulate a purchased Web application's URL and possibly gain access to the unpurchased Web application.

To create an ACL rule:

  1. In ConsoleOne, if you are using iChain 2.0, right-click the container where you want to create the object, click New, click Object to display the New Object dialog box, select iChain Access Control Rule, then click OK to display the New iChain Access Control Rule dialog box.

    or

    If you are using iChain 2.1, right-click the container where you want to create the object, click New, click iChain Object, select iChain Access Control Rule, then click OK to display the New iChain Access Control Rule dialog box.

  2. Enter a name for the ACL Rule object, select Define Additional Properties, then click OK.

  3. Click the Access Control tab.

  4. Click the Add button on the right side of the Allowed URLs list to display the Add New Resource dialog box.

  5. Fill in the following fields:

    Resource Name: Browse for and select the protected resource that the Web application is part of. The protected resource's URL forms the basis of the Web application's URL.

    URL Postfix: Enter the information that, when appended to the protected resource's URL, completes the Web application's URL.

    An asterisk (*) as the last character provides access to the folder content and all subfolders. A question mark (?) as the last character provides access to the folder contents but not the subfolders.

    For example, if the protected resource's URL were www.mycompany.com/webapps, entering /timemanager/? would give the user access to all files in the www.mycompany.com/webapps/timemanager folder. An asterisk used in place of the question mark would grant access to that folder and its subfolders.

  6. Click OK to add the URL to the Allowed URLs list.

  7. Click OK to save the ACL rule.

  8. Repeat Step 1 through Step 7 to create ACL rules that allow access to other Web applications.