OSF DCE Administration Guide--Core Components
OSF DCE Administration Guide—Core Components
Figure 28-3. Order of Checking ACLs and Applying Masks
apply the masks.
user_obj
user_obj_delegate
other_obj
other_obj_delegate
Masked through mask_obj
mask_obj
unauthenticated
group_delegate
group_obj
group_obj_delegate
group
foreign_group
foreign_group_delegate
user
user_delegate
foreign_user
foreign_user_delegate
foreign_other
foreign_other_delegate
any_other
any_other_delegate
checking immediately, and
If no match was found in
mask_obj
step 1, check all the group
entries, logically ORing
the acquired permissions.
Match credentials against
mask_obj to the
permissions gained from
entries in the right column.
Apply unauthenticated
mask to all permissions.
Match credentials against
If a match is found in the
Access ACL Entries. If a
match is found, then stop
Access ACL Entries. If a
match is found, then stop
checking immediately, and
apply the masks.
group entries, then ignore
steps 3 through 5 and apply
the masks.
Step 1:
Step 2:
Steps 3 through 5:
Masks:
Apply
Not masked through
28.2.7.1 The mask_obj Mask and ACL Checking
Before the ACL manager grants any permissions derived from checking the ACL
entries, it filters the entry permissions through the mask_obj mask. Only those
permissions named in the ACL entry and in the mask are granted. For example, if an
28 −14 Tandem Computers Incorporated 124243