Privilege Attributes

After a principal is authenticated, the DCE Security Service helps obtain the principal's privilege attributes. Privilege attributes consist of UUIDs that represent the principal's network identity, the groups in which the principal is a member, and any extended attributes associated with the principal. They are used when principals request access to objects to determine their rights to those objects. Privilege attributes that are provided by the DCE Security Service are authenticated. Authenticated privileges are accepted by network services. Unauthenticated privilege attributes may not be accepted. This means that the kinds of access to DCE objects that principals are allowed can differ, depending on whether or not a principal's privilege attributes are authenticated. (DCE ACLs, which are used to control access to DCE objects based on a principal's privilege attributes, are described in Using Access Control Lists.)