Manualshelf

OSF DCE Application Development Guide--Core Components

ManualsBrandsHP ManualsServerHP NonStop G-Series
581582583584585586587588589590
The Extended Attribute API
28.1.3.2 ACL Manager Set
An attribute type’s ACL manager set specifies the ACL manager type or types (by
UUID) that control access to the object types to which attribute instances of this type can
be attached. Attribute instances can be attached only to objects protected by the ACL
manager types in the schema entry. For example, suppose an ACL manager set for an
attribute type named MVSname lists only the ACL manager type for principals. Then,
instances of the attribute type named MVSname can be attached only to principals and
not any other registry objects.
Access to an attribute instance is controlled by the ACL on the object to which the
attribute instance is attached and access control is implemented by the object’s ACL
manager type. For example, access to an attribute named MVSname on the principal
object named delores is controlled by the ACL on the delores object.
Do not confuse access to an attribute type definition (a schema entry) with access to an
attribute instance. As described previously, access to a schema entry is controlled by the
ACL on the xattrschema object. Access to an attribute instance is controlled by the
ACL on the object to which the attribute instance is attached.
In addition to the ACL manager types, the ACL manager set defines the permission bits
needed to query, update, test, and delete instances of the attribute type. These bits are
used by the object’s ACL manager to determine rights to the object’s attributes.
The ACL manager types and permissions defined for the attribute type apply to all
instances of the attribute type.
Note that the ACL manager facility supports additional generic attribute type
permissions (O through Z inclusive). Administrators can assign these permissions to
attribute types of their choice. All uses of these additional permission bits are controlled
by the cell’s administrator. See the for more information.
28.1.3.3 Attribute Flags
The attribute type flags set in a schema entry are described in the following paragraphs.
28.1.3.3.1 The Unique Flag
The unique flag specifies whether or not the value of each instance of an attribute type
must be unique within the cell. For example, assume that an instance of attribute type A
is attached to 25 principals in the cell. If the unique flag is set on, the value of the A
attribute for each of those 25 principals must be different. If it is set off, the all 25
principals can share the same value for attribute A.
124245 Tandem Computers Incorporated 285