--- title: Access Control Handler description: This is an abstract object type that cannot be instantiated. component: pingds version: 8.1 page_id: pingds:configref:objects-access-control-handler canonical_url: https://docs.pingidentity.com/pingds/8.1/configref/objects-access-control-handler.html section_ids: access_control_handlers: Access Control Handlers access_control_handler_properties: Access Control Handler properties basic_properties: Basic properties enabled: enabled java-class: java-class --- # Access Control Handler *This is an abstract object type that cannot be instantiated.* Access Control Handlers manage the application-wide access control. The PingDS access control handler is defined through an extensible interface, so that alternate implementations can be created. Only one access control handler may be active in the server at any given time. Note that PingDS also has a privilege subsystem, which may have an impact on what clients may be allowed to do in the server. For example, any user with the bypass-acl privilege is not subject to access control checking regardless of whether the access control implementation is enabled. ## Access Control Handlers The following Access Control Handlers are available: * [DSEE Compatible Access Control Handler](objects-dsee-compat-access-control-handler.html) * [Policy Based Access Control Handler](objects-policy-based-access-control-handler.html) These Access Control Handlers inherit the properties described below. ## Access Control Handler properties You can use configuration expressions to set property values at startup time. For details, see [Property value substitution](expressions.html). | Basic Properties | | --------------------------------------------- | | [enabled](#enabled) [java-class](#java-class) | ### Basic properties Use the `--advanced` option to access advanced properties. ### enabled | | | | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | *Synopsis* | Indicates whether the Access Control Handler is enabled. If set to FALSE, then any client (including unauthenticated or anonymous clients) is allowed to bind to the server and any connection with the "bypass-acl" privilege is allowed to perform any operation. | | *Default value* | None | | *Allowed values* | truefalse | | *Multi-valued* | No | | *Required* | Yes | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ### java-class | | | | ----------------------- | ------------------------------------------------------------------------------------------------------------- | | *Synopsis* | Specifies the fully-qualified name of the Java class that provides the Access Control Handler implementation. | | *Default value* | None | | *Allowed values* | A Java class that extends or implements:- org.opends.server.api.AccessControlHandler | | *Multi-valued* | No | | *Required* | Yes | | *Admin action required* | The object must be disabled and re-enabled for changes to take effect. | | *Advanced* | No | | *Read-only* | No |