Each administrative action that can be access-controlled
(e.g. editing walk settings, creating accounts) can be thought of as an
object. Some actions are broader than others and can be thought of as
a superset, e.g. editing all profiles is a superset of editing a
specific profile. Thus, access control objects are arranged in
a tree-like hierarchy, where each object has a parent object, and can
inherit permissions from it. This makes setting privileges on a
logical group of objects (e.g. all profiles) easier, as only one object
may need to be changed (the parent). Also, when new child members
(e.g. new profiles) are created, they will inherit the same privileges
automatically. The access control object hierarchy in the Search Appliance
is as follows:
/ Global root object
Users/ User accounts
admin admin user
... other users
Groups/ User groups
Profiles/ Profiles
default default profile
... other profiles
Settings/ Profile settings
Maintenance/ System page
Info/
Updates/
Logs/
Settings/
System Wide
ACLs
Thesaurus
Save, Restore
Mounts
System/
RAID
Note that these "files" do not really exist: the objects are
merely symbols representing actions that can be access-controlled.