Manualshelf

OSF DCE Administration Guide--Core Components

ManualsBrandsHP ManualsServerHP NonStop G-Series
341342343344345346347348349350
Using Access Control Lists
Figure 28-1. ACL Managers in Servers
Generic
Server
Server
ACL Client
dcecp
ACL Library
ACL
Manager
ACL
Manager
Server
data
data
ACL
Server
data
ACL
data
ACL
Protocol
ACL
Protocol
In addition to the standard DCE components, ACLs can control access to any object for
which an ACL manager has been implemented. ACLs can be associated with user-
written applications to protect access to the use of the application itself, the files in the
application, and even fields in those files.
All of the elements of ACLs described in this chapter are available to ACL managers;
however, each manager may implement all or only a subset of the elements. For
information on how ACLs are used by specific DCE components, consult the appropriate
section in this guide.
28.1.2 ACL Interpretation
Part of the information associated with an account is a principal and a set of groups. (The
groups are called a project list in this context, in honor of its Multics origin.) Together,
the principal and project list are called the privilege attributes (or client-side access
control information) associated with the account.
124243 Tandem Computers Incorporated 283