Search Appliance SBE
Each administrative action that can be access-controlled (e.g. editing walk settings, creating accounts) can be thought of as an object. Some actions are broader than others and can be thought of as a superset, e.g. editing all profiles is a superset of editing a specific profile. Thus, access control objects are arranged in a tree-like hierarchy, where each object has a parent object, and can inherit permissions from it. This makes setting privileges on a logical group of objects (e.g. all profiles) easier, as only one object may need to be changed (the parent). Also, when new child members (e.g. new profiles) are created, they will inherit the same privileges automatically. The access control object hierarchy in the Search Appliance is as follows:
/ Global root object
Users/ User accounts
admin admin user
... other users
Groups/ User groups
Profiles/ Profiles
default default profile
... other profiles
Settings/ Profile settings
Maintenance/ System page
Info/
Updates/
Logs/
Settings/
System Wide
ACLs
Thesaurus
Save, Restore
Mounts
System/
RAID
Note that these "files" do not really exist: the objects are merely symbols representing actions that can be access-controlled.