Access control verifies access permissions of requests sent from a consumer to a provider. It also controls if the application can register a provider under a given domain/interface pair. Replies, publications, subscription replies and multicasts are not being checked.
The following settings control access control behaviour at runtime:
- access-control/enable: if set to
truepermissions will be checked. No permission check will be performed otherwise. - access-control/audit: if set to
truepermissions will be checked but in case of failure, messages will not get dropped. If set tofalse, no permission check will be performed. It does not have any effect if access-control/enable is set tofalse.
For a concrete example, have a look at the following settings file: CCSettingsWithAccessControlEnabled.settings.
If access control is enabled, the permission configuration is provided locally to each cluster-controller. You can try
by copying the CCAccessControlTest.entries to the working
directory of the cluster-controller and rename it to CCAccessControl.entries.