OSF DCE Application Development Guide--Core Components

Authorization
Aside from the distinctions previously described, there are no differences between
Object ACLs and Creation ACLs; therefore, the information about ACLs in the rest of
this chapter does not differentiate between them.

24.1.2 ACL Manager Types
A separate ACL manager type manages the ACLs for each class of objects for which
permissions are uniquely defined. The manager type defines the permissions for the
objects whose ACLs it manages: the number of permissions, the meanings of the
permissions, and the tokens that represent the permissions in the user interfaces of
ACL manipulation tools.
For example, for the purpose of access control, five classes of objects are defined in the
registry database, and five ACL manager types manage the ACLs for the registry
database objects (the five registry manager types run in a single security server process).
Other DCE components implement their own manager types, and applications
implement manager types for the objects that the applications protect.
Refer to the OSF DCE Administration Guide and the OSF DCE Administration
Reference for information about standard DCE ACL manager types and the permissions
they implement. Refer to Part 1 and Chapter 31 of this guide for information about
implementing ACL manager types for distributed applications.

24.1.3 Access Control Lists
An ACL consists of the following:
• An ACL manager type identifier, which identifies the manager type of the ACL.
• A default cell identifier, which specifies the cell of which a principal or group
  identified as local is assumed to be a member. A DCE global pathname is necessary
  to specify a principal or a group from a nondefault cell; this consists of a pair of
  UUIDs representing the principal or group, and the cell of which it is a member. It is
  necessary to use the ID Map API to convert the global print string names of foreign
  principals and groups to the UUID representations that DCE ACL managers use.
  (Refer to Chapter 32 for more information on this subject.)
• At least one ACL entry.
The rest of this chapter discusses ACLs primarily from a user-interface point of view,
since this perspective provides an orientation to the discussion of the ACL API in this
part.
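
The ACL structure listed above, as an added C sketch that is not from this guide and does not use the DCE ACL API: every type name, function name, UUID byte and permission bit here is constructed for illustration. It shows why an entry identified as local has to be matched against the ACL's default cell, so that the same principal UUID from a nondefault cell is only ever matched by an entry that names that cell.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Simplified model; hypothetical types, not the DCE ACL API. */
typedef struct { unsigned char b[16]; } uuid16;
typedef enum { ENTRY_LOCAL, ENTRY_FOREIGN } entry_kind;

typedef struct {
    entry_kind kind;
    uuid16 principal;      /* principal UUID */
    uuid16 cell;           /* cell UUID, meaningful only for ENTRY_FOREIGN */
    unsigned perms;        /* bitmask whose meaning the manager type defines */
} acl_entry;

typedef struct {
    uuid16 manager_type;   /* manager type that interprets perms */
    uuid16 default_cell;   /* cell assumed for entries identified as local */
    size_t num_entries;    /* a valid ACL has at least one entry */
    const acl_entry *entries;
} acl;

static bool uuid_eq(const uuid16 *a, const uuid16 *b) {
    return memcmp(a->b, b->b, sizeof a->b) == 0;
}

/* Return the permissions of the first entry matching the caller's
   (principal UUID, cell UUID) pair, or 0 when nothing matches. */
unsigned acl_perms_for(const acl *a, const uuid16 *mgr,
                       const uuid16 *princ, const uuid16 *cell) {
    if (a->num_entries == 0 || !uuid_eq(&a->manager_type, mgr))
        return 0;          /* malformed ACL or wrong manager type: deny */
    for (size_t i = 0; i < a->num_entries; i++) {
        const acl_entry *e = &a->entries[i];
        /* A local entry carries no cell of its own; use the default cell. */
        const uuid16 *entry_cell =
            e->kind == ENTRY_LOCAL ? &a->default_cell : &e->cell;
        if (uuid_eq(&e->principal, princ) && uuid_eq(entry_cell, cell))
            return e->perms;
    }
    return 0;
}

/* Constructed sample data: one principal UUID, known in two cells. */
const uuid16 MGR = {{1}}, CELL_A = {{0xA}}, CELL_B = {{0xB}}, ALICE = {{0x11}};
const acl_entry ENTRIES[] = {
    { ENTRY_LOCAL,   {{0x11}}, {{0}},   0x3 },  /* local: default cell applies */
    { ENTRY_FOREIGN, {{0x11}}, {{0xB}}, 0x1 },  /* foreign: names CELL_B */
};
const acl SAMPLE = { {{1}}, {{0xA}}, 2, ENTRIES };
```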
124245 Tandem Computers Incorporated 243