OSF DCE Administration Guide--Core Components
Using Access Control Lists
foreign_other_delegate Establishes permissions for an intermediary acting for
other principals in a specific foreign cell, one other than
the default cell of the ACL, that are not specifically
named in ACL entries of entry type foreign_user or are
members of a group named in an ACL entry of type
foreign_group. You must identify the foreign cell by
supplying a cell name as a key. The entry format is
{foreign_other_delegate cell_name permissions}
any_other_delegate Establishes permissions for an intermediary acting for
all other principals in local or foreign cells unless they
match a more specific entry in the ACL. The entry
format is
{any_other_delegate permissions}
28.2.3 Group Permissions and Project Lists
Principals accrue group permissions from their project list, a list of all the groups of
which a principal or alias is a member. When a principal tries to access an object, the
principal has the access rights that accrue from the logical OR of permissions granted to
every group with an entry in the ACL and in which the principal is a member. Note that
the principal accrues rights only from the name or alias with which the principal logged
in, not both names and aliases. (See Chapter 30 for more information on aliases and
project lists.)
For example, suppose an ACL contains the following entries:
{user_obj crwxid-}
{group_obj crwx---}
{other_obj -r-----}
{group composers crwx---}
{user bach crwx---}
{user mozart crwx---}
{group performers --w-idt}
User cole is a member of the group composers and the group performers. Because
cole accrues permissions from both groups, his access permissions are crwxidt. (The
security service provides a method to prevent a group from being included in a project
list, thus preventing the group’s permissions from being accrued as part of the project
list. See Chapter 30 for more information.)
124243 Tandem Computers Incorporated 28−9