How to check a userid for ACL membership

Is there a flow or Java service which allows to test if a given userid is in a particular ACL?

My context is that I have a service that displays a HTML page (via DSP). I want to put certain action buttons onto the page only if the user invoking the service has access to the service that the click of the button would invoke.

Hi Manuel,

you will need to check if the user belongs to a group which is in the particular ACL.

Check the IS Java Api installed with the IS Documentation component for details.

There are services in the IS itself which will do this, but as they belong to the Root-Package they are not documented and will only be available for users in the Administrators group.

Therefor writing a Java Service will probably be the best solution for this task.


The wm.server.access:groupList service is in the WmRoot package and it gives the groups that a user belongs. I don’t seem to have any problem calling this service from a user that is not a member of the Administrator group. If you need to know what ACLs that group has access, then you have to loop over each group and find the ACLs associated with that group. I would suggest creating a group for each ACL. Then you just have to check for the group.


Unfortunately neither of these solutions help me. The problem is that our groups are mapped LDAP groups, that is LDAP groups mapped into ACLs. These groups are not known to the groupList service for example. I really need the API that checks if a user is an allowed member in an ACL. Obviously something like this must exist inside wM but I haven’t found it exposed somewhere. Any suggestions are most welcome.

Hi Manuel,

wm.server.access:userAclList and/or wm.server.access:getAclGroupUsers might bhe useful.

But be aware that all these services a part of Package WmRoot and therefor not documented.

They might be changing without warning from version to version.

In the JavaAPI the User and the Group class have methods to determine if the user/group is an IS (WM) user/group or if it is located in LDAP or NIS.


Has anyone got this ability to work?

Specifically determining the ACL membership of an externally defined user?

I have tried all the previously mentioned recommendations and none actually return the result that I am looking for.


The problem above is that he wants to identify if an id is part of a group.

Did you get a solution for this? I am kind of having same issue.

I’ve used this before. I haven’t tested it in recent versions but I imagine it still works.

ACLGroup aclGroup = ACLManager.getGroup("<ACL Name>");
if(ACLManager.allow(aclGroup, Service.getUser()) {
   // User is in ACL
} else {
   // User is not in ACL