Internal* ACL


I wonder why Developer has certain ACL’s set to ‘internal*’. (note the *). (under the Settings tab of a flow). It’s not an option you can choose yourself.

The reason I’d like to know is that is the only difference I notice between a flow which I may call, and another which I may not call. So it seems a different ACL than ‘internal’ (without the *).


The * indicates that the ACL was inherited from the service’s parent.

When a subfolder or service inherits the ACL of its (parent) folder, the server displays the name
of the ACL of the folder followed by an asterisk (*) in the ACL field of the service
information. When the client attempts to invoke a service, the server uses the inherited ACL.

If you can invoke any service with the ‘Internal’ ACL, I think you should be able to invoke the service with an inherited ACL of ‘Internal’.

The asterisk means the ACL was inherited, rather than being set directly on that element. See page 123 of the 4.6 Administrators Guide.

Internal ACL is described in the IS Administrators Manual 4.6 release page 118: “Allows only users in the Administrators and Developers groups access to a service and denies all other users. The server assigns this ACL to built-in utility services shipped with the server”.

Generally, Internal is set on services that should not be called from outside the IS.