Match ACL rules to objects

Each object type has its own matching requirements.

Table 1. Object type
Object Type Matching ACL Rules Required to Access Object Existing Wildcard ACL Rules
Client-callable script includes
Users must meet the permissions of two ACL rules:
  1. All wildcard ACL rules for the object (if any ACL rule exists for the operation).
  2. The first ACL rule that matches the object's name (if any ACL rule exists for the operation).
By default, there are no wildcard (*) rules for these object types. If you create a wildcard ACL rule for one of these objects, then the ACL rule applies to all objects of this type.
Processors
UI pages
Users must meet the permissions of two ACL rules:
  1. The first ACL rule that matches the record's field (if any ACL rule exists for the operation).
  2. The first ACL rule that matches the record's table (if any ACL rule exists for the operation).
By default, there are wildcard table rules (*) for the create, read, write, and delete operations and wildcard field rules (*.*) for the personalize_choices, create, and save_as_template operations. When you create a new table, create new ACL rules for the table unless you want to use the provided wildcard ACL rules.
Record
Note: The high security property Security manager default behavior (glide.sm.default_mode) determines whether users can access objects that only match against wildcard table ACL rules. When this property is set to Deny access, only administrators can access objects that match the wildcard table ACL rules.
Note: The wildcard field ACL rule (*.*) for the create operation reuses the same permissions as the write operation. This means that the create permissions are the same as the write permissions unless you define an explicit create operation ACL rule.