Manualshelf

OSF DCE Administration Guide--Core Components

ManualsBrandsHP ManualsServerHP NonStop G-Series
211212213214215216217218219220
Controlling Access to CDS Names
16.3 How Permissions Propagate to CDS Directories and
Their Contents
By creating all three ACL types (Object ACL, Initial Object Creation ACL, and Initial
Container Creation ACL) for a directory, you can grant access not only to the directory
itself but also to the directory’s future contents and all child directories (and their
contents) that may later be created.
Note: Permissions do not propagate from parent cells to child cells. You must set
permissions for each child cell individually.
For example, suppose you just created a new directory named /.:/sales. If you create an
ACL entry of the Object ACL type that grants user Smith read permission to the /.:/sales
directory, Smith can do the following:
Read the attributes associated with the /.:/sales directory
Display the names stored in the /.:/sales directory
If you create a second ACL entry of the Initial Object Creation ACL type that grants user
Smith read permission to the /.:/sales directory, Smith can do the following:
Read the attributes associated with the /.:/sales directory
Display the names stored in the /.:/sales directory
Read the attributes associated with all the names that you may later create in the
/.:/sales directory, unless prohibited by explicit ACL modification after their creation
If you create a third ACL entry of the Initial Container Creation ACL type that also
grants user Smith read permission to the /.:/sales directory, Smith can do the following:
Read the attributes associated with the /.:/sales directory
Display the names stored in the /.:/sales directory
Read the attributes associated with all the names that you may later create in the
/.:/sales directory
Perform all of the three preceding operations on all child directories that may later be
created under the /.:/sales directory
(See Part 6 of this guide for complete information on default ACLs.)
16.4 ACL Entry Types Used for Principals
You use ACL entry types to specify the category of principal for which the ACL entry is
created. These ACL entry types are described in Table 16-1.
TABLE 16-1. ACL Entry Types Used for CDS Principals
124243 Tandem Computers Incorporated 163