ACL: Access Control List

An access control list (ACL) represents user permissions in the form of a list. For each object and activity, it contains the rights of subjects in the form of access operations. For an object obj_x, for example, the ACL could contain the rights {sub_1: read; sub_2: read, write}.

An ACL can easily be built with the following code:

// base is an existing SOABase
ACLModel acl = new ACLModel("ACL", base);
// Activity permissions: which subject may execute which activity
acl.addActivityPermission("sub_1", "act_1");
acl.addActivityPermission("sub_1", "act_2");
acl.addActivityPermission("sub_2", "act_3");
acl.addActivityPermission("sub_3", "act_2");
// Object permissions: which subject may use which object, and in which modes
acl.addObjectPermission("sub_1", "obj_1", DataUsage.READ);
acl.addObjectPermission("sub_1", "obj_2", DataUsage.READ);
acl.addObjectPermission("sub_1", "obj_3", DataUsage.READ, DataUsage.CREATE);
acl.addObjectPermission("sub_2", "obj_2", DataUsage.DELETE);
acl.addObjectPermission("sub_3", "obj_3", DataUsage.WRITE);
System.out.println(acl);

Corresponding output of the code above:

ACModel{
 name: ACL

    subjects: [sub_2, sub_1, sub_3]
transactions: [act_2, act_1, act_3]
     objects: [obj_3, obj_2, obj_1]

transaction permissions:
sub_2: [act_3]
sub_1: [act_1, act_2]
sub_3: [act_2]

Object permissions:
sub_2: [obj_2]
sub_1: [obj_3, obj_2, obj_1]
sub_3: [obj_3]
}
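
The output above groups objects by subject and does not show the usage modes. As an added illustration (plain Java, not SEWOL code; AclSketch, Mode, grant and isAllowed are hypothetical names), the same object grants can be stored per object, as in the definition at the top, and checked with default deny:

```java
import java.util.*;

// Added illustration in plain Java; none of these names are SEWOL API.
public class AclSketch {
    enum Mode { READ, WRITE, CREATE, DELETE }

    // object -> (subject -> granted modes): one list of subject rights per object
    private final Map<String, Map<String, EnumSet<Mode>>> acl = new TreeMap<>();

    void grant(String subject, String object, Mode... modes) {
        acl.computeIfAbsent(object, o -> new TreeMap<>())
           .computeIfAbsent(subject, s -> EnumSet.noneOf(Mode.class))
           .addAll(Arrays.asList(modes));
    }

    // Default deny: a request is allowed only if this exact
    // (subject, object, mode) combination was granted.
    boolean isAllowed(String subject, String object, Mode mode) {
        return acl.getOrDefault(object, Collections.emptyMap())
                  .getOrDefault(subject, EnumSet.noneOf(Mode.class))
                  .contains(mode);
    }

    public static void main(String[] args) {
        AclSketch a = new AclSketch();
        // Same object grants as in the SEWOL listing above
        a.grant("sub_1", "obj_1", Mode.READ);
        a.grant("sub_1", "obj_2", Mode.READ);
        a.grant("sub_1", "obj_3", Mode.READ, Mode.CREATE);
        a.grant("sub_2", "obj_2", Mode.DELETE);
        a.grant("sub_3", "obj_3", Mode.WRITE);

        // Per-object view: each object with its subjects and their modes
        a.acl.forEach((obj, entries) -> System.out.println(obj + ": " + entries));

        // sub_2 is listed for obj_2, but only for DELETE
        System.out.println(a.isAllowed("sub_2", "obj_2", Mode.DELETE));
        System.out.println(a.isAllowed("sub_2", "obj_2", Mode.READ));
        // sub_3 has no entry for obj_1 at all
        System.out.println(a.isAllowed("sub_3", "obj_1", Mode.READ));
    }
}
```

The second check is the case a subject-to-object listing hides: being listed for an object does not imply every usage mode on it.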

(1a) ACL editing dialogue with preview.
(1b) Dialogue for editing attribute permissions.
Figure 1: Dialogue for editing ACLs in SEWOL.

For convenient editing of ACLs, SEWOL comes with a graphical dialogue. One can either provide a SOABase for editing or create a new one using the dialogue. The following code creates a new Java Swing dialogue with an existing base:

ACModelDialog.showDialog(null, "ACL", ACModelType.ACL, base);

The resulting Java Swing dialogue can be seen in Figure 1a. With a click on the Edit permissions button, a new dialogue opens, which allows editing activity and attribute permissions (see Figure 1b). The permissions can be seen in the preview window of the dialogue, where lists of activities and objects are assigned to subjects.