Under Content Server 5.3 and later, when Trusted Content Services is enabled in a repository, additional access control entries are available. The access control entries described in the table are independent of each other, not hierarchical.
Table 22.3. Additional access control entries
| Access control entry | Effect of the entry |
|---|---|
Access Restriction | An access restriction entry denies a user the right to the base object-level permission level specified in the entry. For example, if a user would otherwise have delete permission as a member of a particular group, an access restriction might limit the user to, at most, version permission. The user would therefore lose write and delete permission. |
Extended Restriction | An extended restriction entry denies a user or the members of a specified group the specified extended object-level permission. For example, if a user would otherwise have Change Permission rights as a member of a particular group, an extended restriction would remove that right. |
Required Group | A required group entry requires a user requesting access to an object governed by the permission set to be a member of the group identified in the entry. If there are entries for multiple groups, the user must be a member of all of the groups before Content Server allows access to the object. |
Required Group Sets | A required group set entry requires a user requesting access to an object governed by the permission set to be a member of at least one group in the set of groups. |