The ATG secured repository system works in conjunction with the ATG Security System to provide fine-grained access control to repository item descriptors, individual repository items, and even individual properties through the use of Access Control Lists (ACLs). The secured repository feature permits you to control the access users have to assets, asset properties, and asset types. You can convert any existing repository to a secure repository in ATG without disturbing the existing design or data. ATG Secure Repository design is very much like a decorator, an existing real repository can be wrapped with access control.
How to create ATG Composite Repository?
Refer this post to write an ATG Composite Repository.
Secure repository component diagram.
Secure repository static design.
Steps to create secure repository.
In the below given example we are converting an already existing repository name cricketer to a secure repository.
1. Alter the underneath table to add owner, item acl and property acl. (ACL == Access Control List)
OWNER column contains the name of the user who created the row/item/record.
ITEM_ACL column (item access control list) contains ACL for the row/item/record.
PROPERTY_ACL column (property access control list) contains ACL for specific properties.
3. Create secure repository template for the cricketer item descriptor.
4. Configure the cricketer repository as a secured repository.
# the unsecure repository which has to be wrapped to made secure.
# The template file that configures the repository
# The security configuration component used by the repository
# Various Dynamo services we need
GenericSecuredMutableRepository is used to wrap or decorate the un-secure repository named CricketerRepository.
Every call from client will go thru GenericSecuredMutableRepository to access the underneath repository.
GenericSecuredMutableRepository filter the records based upon the ACL given for the item/property.
5. Register the repositories. This is required to expose the two repositories to the ATG Control Center Repository Editor and activate them on application startup.
above give property shall be added to /atg/registry/ContentRepositories.
You are done. CricketRepository is ACL enabled now!
1. Possible attributes for secured repository definition.