Manualshelf

OSF DCE Administration Guide--Core Components

ManualsBrandsHP ManualsServerHP NonStop G-Series
351352353354355356357358359360
Using Access Control Lists
of group entry checking is not important. See Section 28.2.3 for more information
on project lists.
3. If the ACL manager does not find a match between the principal requesting
permission and a member of a group in the group entries, it checks the other_obj
and other_obj_delegate entries. If the ACL manager finds a match, it stops
checking ACL entries.
4. If the ACL manager does not find a match between the principal requesting
permission and the other_obj or other_obj_delegate entries, it checks the
foreign_other and foreign_other_delegate entries. If the ACL manager finds a
match, it stops checking ACL entries.
5. If the ACL manager does not find a match between the principal requesting
permission and the foreign_other or foreign_other_delegate entries, it checks
the any_other and any_other_delegate entries. If it does not find a match in the
any_other or any_other_delegate entries, it denies all access to the object.
The final permission is the intersection of the permission of the initiator principal and of
each delegate.
Figure 28-3 shows these steps as they apply to the ACL entries. The two columns
distinguish between ACL entries that are not masked by mask_obj and those that are
masked by it.
124243 Tandem Computers Incorporated 28 13