OSF DCE Application Development Guide--Core Components

ManualsBrandsHP ManualsServerHP NonStop G-Series

551

552

553

554

555

556

557

558

559

560

Authorization

2. The foreign_user entry for /.../cella/fritzb speciﬁes the permissions abc. The

application of the mask_obj, which speciﬁes the permissions ab to this

permission set, yields the permissions ab. Since the unauthenticated mask entry

is missing from the ACL, all permissions for unauthenticated identities are

masked, yielding an empty effective permission set.

The result of these checks is that /.../cella/fritzb’s request is denied (and would be

denied, regardless of the permission requested). In this case, only the ﬁrst two stages of

access checking are executed.

The third principal seeking access is mariac, who requests permission a. Assume that

the privilege attributes of mariac are certiﬁed, that mariac is not the principal that

corresponds to the user_obj entry, and that mariac is a member of the groups projectx

and projecty:

1. The user_obj check yields no permissions.

2. There is no matching user entry.

3. The group check ﬁnds two matching entries. The permissions associated with

projectx (abcf) when masked by the mask_obj entry (ab) yield the permissions

ab. The permissions associated with projecty (bcg) when masked by the

mask_obj entry yield the permission b. The union of the permission sets ab and b

is the set ab.

The effective permission set for mariac is ab and since the requested permission (a)isa

member of that set, mariac’s request is granted. The remaining stages of access

checking are not executed.

24.1.6.2 Example 2

Following is the ACL for an object to which two principals, ugob and /.../cellb/lolad,

seek access:

mask_obj:bcde

unauthenticated:ab

user_obj:abcdef

user:ugob:abcdefg

group:projectz:abh

foreign_other:/.../cellb/:abc

Note: The numbered lists in the discussions that follow correspond to stages 1, 2,

3, 4, 5 and 6 of the access check algorithm referred to in Section 24.1.5.

The principal ugob requests permission b. Assume that ugob is not the principal to

which the user_obj entry refers. Assume also that the privilege attributes of ugob

include membership in the group projectz, in addition to the user entry that names him.

In this case, the principal has failed to acquire certiﬁed privilege attributes:

1. The user_obj check yields no permissions.

124245 Tandem Computers Incorporated 24−9