How Permissions Propagate to CDS Directories and Their Contents
By creating all three ACL types (Object ACL, Initial Object Creation ACL, and Initial Container Creation ACL) for a directory, you can grant access not only to the directory itself but also to the directory's future contents and all child directories (and their contents) that may later be created.
Note: Permissions do not propagate from parent cells down to child cells. You must set permissions for each child cell individually.
For example, suppose you just created a new directory named /.:/sales. If you create an ACL entry of the Object ACL type that grants user Smith read permission to the /.:/sales directory, Smith can do the following:
· Read the attributes associated with the /.:/sales directory.
· Display the names stored in the /.:/sales directory.
If you create a second ACL entry of the Initial Object Creation ACL type that grants user Smith read permission to the /.:/sales directory, Smith can do the following:
· Read the attributes associated with the /.:/sales directory.
· Display the names stored in the /.:/sales directory.
· Read the attributes associated with all the names that you may later create in the /.:/sales directory, unless prohibited by explicit ACL modification after their creation.
If you create a third ACL entry of the Initial Container Creation ACL type that also grants user Smith read permission to the /.:/sales directory, Smith can do the following:
· Read the attributes associated with the /.:/sales directory.
· Display the names stored in the /.:/sales directory.
· Read the attributes associated with all the names that you may later create in the /.:/sales directory.
· Perform all of the three preceding operations on all child directories that may later be created under the /.:/sales directory.
(See Part 6 of this guide for complete information on default ACLs.)