OSF DCE Administration Guide--Core Components
Accessing Registry Objects
organization
named in the
account
principal named
in the account
mau permission
r permission
group named in
the account
Policy Object
any permission
r permission
To add an account that does not require adding the account’s principal to the group and
the organization named in the account, you must have the following permissions:
• The mau permissions on the account principal
• At least one permission of any kind on the group that is named in the account
• The r permission on the organization that is named in the account
• The r permission on the registry policy object
For example, to create an account for the principal preludes/villa/lobos associated with
the group composers and the organization pianists, you must have the following
permissions:
• The mau permissions on preludes/villa/lobos
• At least one permission of any kind on the group composers
• The r permission on the organization pianists
• The r permission on the registry policy object
41.2.4.3 Adding an Account and the Principal to the Group Only
Figure 41-6 shows the permissions that are required to add an account and the principal
to the group only.
Figure 41-6. Permissions to Add an Account and the Principal to the Group Only
organization
named in the
account
principal named
in the account
maug permission
r permission
group named in
the account
Policy Object
tM permission r permission
To add an account and add the account’s principal to the group (the principal is already a
member of the organization named in the account), you must have the following
124243 Tandem Computers Incorporated 41−9