We are developing a new application using the Elektron system and we have found a situation where our application is posting data, but we need to control the users that can see the data we are posting. The unusual situation is that we require that the user have permission from a set of exchanges depending of the content posted, we understand that using the DACS-Lock, we can set the PE in the message so TREP realize the access validation when a user request data.
The main problem we had found is we don’t know if the TREP can be configured to realize this validation before send the data and if it’s possible to realize a definition of sets in the PE value without use the OpenDACS API to realize the validation in our client applications.
You can enable DACS on TREP by using the following configuration.
*ads*dacs*featureEnabled : True
With this configuration, ADS will use DACS API to connect to DACS and verify the permission before sending the data to the connected users.
Internally, the OpenDACS API also uses DACS API to verify the permission. Therefore, both ADS and OpenDACS API can connect to DACS server via Dacs Daemon to verify the permission for users.
For example, the user connects to ADS with DACS enabled and subscribes to IBM.N. However, if the user doesn't have permission to access the "NYS" exchange required by IBM.N, the user will get the following error from ADS:
'Access Denied: User req to IDN for Exch - NYS'"
For more information, please refer to An Introduction to the DACS Entitlement System for OpenDACS Developers article.