OSF DCE Application Development Guide--Core Components
Note: The implementation of DCE ACLs is aligned with POSIX P1003.6 Draft
12.
In the discussions in this chapter, we use the general term name to refer to a principal,
group, or cell identifier; but readers should always bear in mind that these names have
two representations: as UUIDs in ACL program interfaces and as print strings in user
interfaces.
24.1.1 Object Types and ACL Types
The ACL facility distinguishes between two types of objects: container objects and
simple objects. Container objects contain other objects, which may be simple and/or
other container objects. Simple objects do not contain other objects. Examples of
container objects include file-system directories and databases; examples of simple
objects include files and database entries.
To protect both object types, and to enable newly created objects to inherit default ACLs
from their parent container objects, the ACL facility supports two basic kinds of ACLs:
• An Object ACL is associated with either a container or a simple object, and controls
access to it.
• A Creation ACL is associated with a container object only. Its function is not to
control access to the container but to supply default values for the ACLs of objects
created in the container. There are two types of Creation ACLs:
— An Initial Object Creation ACL supplies default values for a simple object’s
Object ACL and for a container object’s Initial Object Creation ACL.
— An Initial Container Creation ACL supplies default values for both a container
object’s Object ACL and its Initial Container Creation ACL.
Figure 24-1 illustrates how ACL defaults are derived from Creation ACLs.
Figure 24-1. Derivation of ACL Defaults
[Figure: Container Object A carries an Object ACL, an Initial Container Creation ACL, and an Initial Object Creation ACL. A container object created in Container A receives Object ACL defaults, Initial Container Creation ACL defaults, and Initial Object Creation ACL defaults. A simple object created in Container A receives Object ACL defaults.]
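The derivation rules above can be modeled in a few lines of C. This is an added example, not code from the DCE guide or the DCE ACL API: the types and the functions create_in and perms_for are hypothetical, names are print strings rather than UUIDs, and defaults are assumed to be copied unchanged. It makes one point explicit: a container's own Object ACL is never passed on to what is created inside it.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical model for illustration; these types are not the DCE ACL API.
   Names are print strings here, where the real interfaces use UUIDs. */
#define MAX_ENTRIES 4
typedef struct { const char *name; unsigned perms; } acl_entry;
typedef struct { size_t n; acl_entry e[MAX_ENTRIES]; } acl;

typedef struct {
    int is_container;
    acl object_acl;  /* controls access to this object */
    acl ic_acl;      /* Initial Container Creation ACL (containers only) */
    acl io_acl;      /* Initial Object Creation ACL (containers only) */
} object;

/* Derive a new object's ACLs from its parent container's Creation ACLs.
   Returns 0 on success, -1 if the parent cannot hold objects. */
int create_in(const object *parent, int as_container, object *child)
{
    if (parent == NULL || child == NULL || !parent->is_container)
        return -1;                          /* simple objects have no Creation ACLs */
    memset(child, 0, sizeof *child);
    child->is_container = as_container;
    if (as_container) {
        child->object_acl = parent->ic_acl; /* IC ACL -> container's Object ACL */
        child->ic_acl     = parent->ic_acl; /* IC ACL -> container's IC ACL */
        child->io_acl     = parent->io_acl; /* IO ACL -> container's IO ACL */
    } else {
        child->object_acl = parent->io_acl; /* IO ACL -> simple object's Object ACL */
    }
    return 0;
}

/* Permission bits an ACL grants to a name; 0 if the name has no entry. */
unsigned perms_for(const acl *a, const char *name)
{
    for (size_t i = 0; i < a->n; i++)
        if (strcmp(a->e[i].name, name) == 0)
            return a->e[i].perms;
    return 0;
}
```

Because a new container copies both Creation ACLs from its parent, an overly permissive Initial Object Creation ACL on a top-level container reaches every simple object created anywhere beneath it, so the Creation ACLs deserve the same review as the Object ACL.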
24−2 Tandem Computers Incorporated 124245