OSF DCE Administration Guide--Core Components

ManualsBrandsHP ManualsServerHP NonStop G-Series

421

422

423

424

425

426

427

428

429

430

OSF DCE Administration Guide—Core Components

dcecp> xattrschema delete /.:/xattrschema/MVSname

32.2.5 Deﬁning the ACL Managers for Attributes

When you deﬁne an extended attribute type, you must deﬁne the objects to which the

attribute can be attached and the permissions to access the attribute. To do this, you

associate an attribute type with one or more ACL managers, and you supply the

permission sets that control access to attribute instances of that type. The attribute can be

attached only to the objects that are supported by the ACL manager types named in its

ACL manager set. And, only the permissions named in the ACL manager set are valid for

accessing the attribute instance. (Note that these permissions are in addition to the

permissions already established by the ACL manager for the object it controls.) For

example, suppose an ACL manager set for an attribute type named MVSname lists only

the ACL manager type for principals. Then, instances of the attribute type named

MVSname can be attached only to principals and not any other registry objects. The

ACL manager set for the MVSname attribute also contains the permissions that control

access to the MVSname attribute.

Use the dcecp xattrschema -aclmgr option to specify an attribute’s ACL manager set.

This option has the following form:

{mgr_uuid queryset updateset testset deleteset }

where:

mgr_uuid Is the UUID that identiﬁes the ACL manager to be associated with

the attribute type. You can supply either the UUID or one of the

following shorthand names (which are converted internally to a

UUID) to access the ACL manager types provided by DCE:

policy To access the ACL manager for the policy

object.

principal To access the ACL manager for principals.

group To access the ACL manager for groups.

organization To access the ACL manager for organizations.

secdirectory To access the ACL manager for directories in

the registry database.

replist To access the ACL manager for the replica list.

xattrschema To access the ACL manager for the registry

schema.

srvrconf To access the ACL manager for the dced object.

queryset Is the permission set to query instances of the attribute.

updateaset Is the permission set to modify instances of the attribute.

32 − 6 Tandem Computers Incorporated 124243