Every ACE has a source, either Default, Direct, Inherited,
or Template.
You can view the source types of ACEs in the
Administration Console for Content Platform Engine security editor.
- Default
- Permissions are placed on an object by the Default Instance Security
ACL of its class, as well as permissions placed on a subclass by its
parent class. Default ACEs are directly editable; if you do, its source
type becomes Direct.
- Direct
- Permissions are added directly to an object. Direct ACEs are directly
editable.
- Inherited
- Permissions are placed on the object by a security parent or by
setting up a relationship with an object-valued property whose Security
Proxy Type has been set to Inherited. Inherited ACEs are not directly
editable. See Understanding security inheritance and Configure security inheritance for information.
- Template
- Permissions are placed on the object by a security policy. Template
ACEs are not directly editable and do not appear on classes. Rather,
a document, folder, or custom object class can have a default Security
policy which will pass template ACEs to the instances of the class,
if all the conditions for the template apply. (See Security policies.)