Access Control Lists

An access control list (ACL) is a named set of permissions that controls access to individual entities in the Online Marketing Cockpit (e.g. access to a particular account). To every role existing in the OMC, individual permissions can be assigned by means of an ACL.

ACLs are no substitute for and no alternative to roles and their specific permissions. They are a means to restrict the type of access roles have to individual entities in the OMC: If a role was given a particular permission (using the permission list of the role), you can revoke this permission with an ACL. However, the reverse does not apply. You cannot grant a role any permissions with an ACL.

In an ACL, one of four combinations of permissions can be specified:

  • : No access.
  • Read: The role members only have read access to the entity.
  • Lesen + write: The role members have read and write access to the entity.
  • Read + write + owner: The role members have read and write access to the entity. Additionally, they are the owner of the entity which enables them to select a different ACL for it.

If no ACL has been specified for an entity, an OMC user has the permissions granted to him via the roles of which he is a member. For an ACL to become effective for a particular entity, the owner of that entity must have been specified, too.

Displaying and Editing ACLs

To open the list of ACLs, click Access Control Lists in the System Settings section. The list is then displayed:

ACL list

To view the definition of an ACL, click the corresponding list item:

Properties of an ACL

As can be seen from the contents of the Permissions tab, three roles were given different combinations of permission. Note that roles to which the superuser permission has been assigned always have all permissions. Thus, in ACLs, no permissions need to be specified for a role with superuser permission.

Click Edit to modify the properties of the ACL. See the following section for more information about the properties of ACLs.

Creating an ACL

To create an ACL, click New on the ACL list page. This will open the ACL creation page:

ACL creation

Please enter the title of the ACL, then select its owner from the drop-down menu. The owner of the ACL is the person permitted to edit or delete the ACL later on, if required. If no owner is specified, everyone with access to the system settings will be able to modify or to delete it.

For every role, select the type of access you want the respective role members to have. When finished, click Create.