Terminology
Copy
The following terms are used in this guide to describe DAC:
General Terms:
Access Controlled Items – Items under DAC policy control, specifically the related items under a relationship structure that is governed by a DAC policy.
DAC Domain – A logical grouping consisting of all related items sharing the same Root item whose access control policies are defined by a DAC policy.
DAC Subdomain - A single path inclusive of root and leaf items in a DAC Domain.
Subdomain AC Policy - the set of Access Rules that govern permissions for a Leaf item within a subdomain (path).
Subdomain AC Rule – Determines which permission to grant to a Controlled Item using the configured criteria.
Root Item – Top-most node of a Relationship Structure, Context Item of the Query Definition used to define Subdomains.
Leaf Item – ‘End’ item in any path of a Relationship structure. The item whose access is controlled by DAC Policy (Access Controlled item)
Path – A segment from a Relationship Structure connecting a Root Item to a Leaf Item
DAC ItemTypes:
DAC Definition – An ItemType that defines a DAC policy against a domain using a Query Definition, Derived Relationship Family and DAC Subdomains. A Container for Subdomain Rules.
Query Definition – A standard Aras Query Definition, used to specify paths from the controlled Relationship structure against which DAC will be applied.
Derived Relationship (DR) - A Named ItemType that identifies start and endpoints as a path within a relationship structure. The start, or Departure ItemType is the root item and the Destination ItemType is the leaf item. In the DAC context it is analogous to a subdomain.
Derived Relationship Family (DRF) – An ItemType that contains a Query Definition and the associated group of Derived Relationship items defined by that Query. Derived Relationships are analogous to DAC subdomains (start/end points of a path within the overall structure).
unidr_Relationship – Persisted table used by DAC to track subdomains and membership of leaf items therein.