OSF DCE Administration Guide--Core Components

Chapter 16. Controlling Access to CDS Names

This chapter presents information on the following CDS authorization topics:

- Overview of DCE authorization for CDS
- DCE authorization components supported by CDS
- DCE permissions supported by CDS
- Controlling access to CDS clerk and server management operations
- Control program commands and required permissions
- Editing ACLs on CDS names
- How CDS servers gain access to the namespace
- Setting up access control in a new namespace

16.1 Overview of DCE Authorization for CDS

CDS authorization allows you to control user access to the following CDS components:

- Names that are stored in the namespace, including clearinghouses, directories, object
  entries, soft links, and child pointers
- Execution of privileged CDS clerk and server commands

You control access to a name in the namespace by creating an ACL. An ACL contains
individual ACL entries that specify the permissions you grant a user (principal) to the
name with which the ACL is associated. The ACL entries that you create determine
collectively which principals can use the name and what management operations they
are allowed to perform on it.

CDS ACL management software, incorporated into all CDS clerks and servers, performs
access checking for incoming CDS requests. When a principal requests an operation on
a CDS name, ACL management software on a server that stores the name examines the
ACL entries associated with the name. The software then grants or denies the operation,
based on the permissions granted to the requesting principal in the ACL entries.
Similarly, when a principal requests a privileged operation on a CDS clerk or server,
124243 Tandem Computers Incorporated 161