
ACL Entry Types for Principals and Groups

ACL entry types let you define entries for the following:

· Principals and groups

- Principals and groups in the local cell

- Principals and groups in foreign cells

- Delegate entries

- All principals in the local cell for whom individual ACL entries have not been created.

- All principals in the local and all foreign cells whose privilege attributes do not match any of the other ACL entries.

· Masks used for authenticated and unauthenticated users

· As-yet-undefined entry types that can be copied and displayed (if not interpreted) by dissimilar DCE releases.

If any principal or group is not authenticated, the permissions in the entry are further constrained by the unauthenticated mask (described later in this topic). All entries for authenticated principals, except user_obj and other_obj entries, are further constrained by the mask_obj mask (also described later in this topic).

The following list shows the entry types for principals and groups, their meaning, and their entry format. Every ACL has a default cell defined in it, which the list refers to. The default cell can be changed, and it serves to define the cell for various data types.

This list uses the following syntax variables:

principal_name
The name of a principal in the registry database

group_name
The name of a group defined in the registry database

cell
The global path name of a cell in the format /.../name.

permissions
The permissions made available by the object's ACL manager.

The principal and group ACL entry types are as follows:

user_obj
Establishes permissions for the object's real or effective user. An example is the owner of a file. The entry format is

{user_obj permissions}

group_obj
Establishes permissions for members of the object's real or effective group. An example is the group of a file. The entry format is

{group_obj permissions}

other_obj
Establishes permissions for all other principals in the default cell, unless they are specifically named in ACLs of entry type user, are members of a group named in an ACL with an entry type of group, or match the principal indicated by the user_obj or group_obj entry. The entry format is

{other_obj permissions}

user
Establishes permissions for a specific principal in the default cell of the ACL. This ACL entry type requires a key that is a principal name. The entry format is

{user principal_name permissions}

group
Establishes permissions for members of a specific group in the default cell. This ACL entry type requires a key that is a group name. The entry format is

{group group_name permissions}

foreign_user
Establishes permissions for a specific principal in a foreign cell, one other than the default cell of the ACL. You must identify the principal by supplying a principal name and cell name as a key. The entry format is

{foreign_user cell_name/principal_name permissions}

foreign_group
Establishes permissions for a specific group in a foreign cell, one other than the default cell of the ACL. You must identify the group by supplying a group name and a cell name as a key. The entry format is

{foreign_group cell_name/group_name permissions}

foreign_other
Establishes permissions for other principals in a specific foreign cell, one other than the default cell of the ACL, that are not specifically named in ACL entries of entry type foreign_user and are not members of a group named in an ACL entry of type foreign_group. You must identify the foreign cell by supplying a cell name as a key. The entry format is

{foreign_other cell_name permissions}

any_other
Establishes permissions for all other principals in local or foreign cells unless they match a more specific entry in the ACL. The entry format is

{any_other permissions}

user_obj_delegate
Establishes permissions for an intermediary acting for the object's real or effective user. The entry format is

{user_obj_delegate permissions}

group_obj_delegate
Establishes permissions for an intermediary acting for members of the object's real or effective group. The entry format is

{group_obj_delegate permissions}

other_obj_delegate
Establishes permissions for an intermediary acting for all other principals in the default cell, unless they are specifically named in ACLs of entry type user, are members of a group named in an ACL with an entry type of group, or match the principal indicated by the user_obj or group_obj entry. The entry format is

{other_obj_delegate permissions}

user_delegate
Establishes permissions for an intermediary acting for a specific principal in the default cell of the ACL. This ACL entry type requires a key that is a principal name. The entry format is

{user_delegate principal_name permissions}

group_delegate
Establishes permissions for an intermediary acting for members of a specific group in the default cell. This ACL entry type requires a key that is a group name. The entry format is

{group_delegate group_name permissions}

foreign_user_delegate
Establishes permissions for an intermediary acting for a specific principal in a foreign cell, one other than the default cell of the ACL. You must identify the principal by supplying a principal name and cell name as a key. The entry format is

{foreign_user_delegate cell_name/principal_name permissions}

foreign_group_delegate
Establishes permissions for an intermediary acting for a specific group in a foreign cell, one other than the default cell of the ACL. You must identify the group by supplying a group name and a cell name as a key. The entry format is

{foreign_group_delegate cell_name/group_name permissions}

foreign_other_delegate
Establishes permissions for an intermediary acting for other principals in a specific foreign cell, one other than the default cell of the ACL, that are not specifically named in ACL entries of entry type foreign_user and are not members of a group named in an ACL entry of type foreign_group. You must identify the foreign cell by supplying a cell name as a key. The entry format is

{foreign_other_delegate cell_name permissions}

any_other_delegate
Establishes permissions for an intermediary acting for all other principals in local or foreign cells unless they match a more specific entry in the ACL. The entry format is

{any_other_delegate permissions}
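
The entry formats listed above can be checked mechanically when reviewing an ACL. The following parser is an added example, not part of the DCE documentation or its tools. It covers only the principal and group entry types on this page (mask entries are rejected as unknown). It assumes that a cell name is /.../ followed by a single path component and that user and group keys carry no cell name; parse_entry, KEY_KIND and the sample entries are names constructed for the example.

```python
import re

# Key each base entry type requires, per the list above (None = no key).
KEY_KIND = {
    "user_obj": None, "group_obj": None, "other_obj": None, "any_other": None,
    "user": "name", "group": "name", "foreign_other": "cell",
    "foreign_user": "cell/name", "foreign_group": "cell/name",
}
# Assumption: a cell name is "/.../" followed by a single path component.
CELL_RE = re.compile(r"^(/\.\.\./[^/]+)(?:/(.+))?$")


def parse_entry(text):
    """Parse '{type [key] permissions}' into a dict; raise ValueError if malformed."""
    text = text.strip()
    if not (text.startswith("{") and text.endswith("}")):
        raise ValueError("entry must be enclosed in braces")
    fields = text[1:-1].split()
    etype = fields[0] if fields else ""
    delegate = etype.endswith("_delegate")
    base = etype[:-len("_delegate")] if delegate else etype
    if base not in KEY_KIND:
        raise ValueError("unknown entry type: %r" % etype)
    kind = KEY_KIND[base]
    if len(fields) != (2 if kind is None else 3):
        raise ValueError("wrong number of fields for %s" % etype)
    entry = {"type": etype, "delegate": delegate, "cell": None,
             "name": None, "permissions": fields[-1]}
    if kind == "name":
        # user and group keys are resolved in the ACL's default cell.
        if fields[1].startswith("/.../"):
            raise ValueError("%s key must not carry a cell name" % etype)
        entry["name"] = fields[1]
    elif kind is not None:
        m = CELL_RE.match(fields[1])
        # "cell" keys must stop at the cell; "cell/name" keys must go past it.
        if not m or (m.group(2) is None) != (kind == "cell"):
            raise ValueError("%s key must have the form %s" % (etype, kind))
        entry["cell"], entry["name"] = m.group(1), m.group(2)
    return entry


# Constructed sample ACL; the permission letters are placeholders.
SAMPLE_ACL = [
    "{user_obj rwx}",
    "{user alice rw-}",
    "{foreign_user /.../cell-b.example/bob r--}",
    "{any_other_delegate r--}",
]
PARSED = [parse_entry(e) for e in SAMPLE_ACL]
```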