PreviousNext

Overview - Creating and Using Extended Registry Attributes

The registry stores specific information about principals, groups, organizations, and accounts. This is the information that you create when you use dcecp commands to create principals, groups, organizations, and accounts. The kind of information that can be stored in the registry database is defined in the registry schema, which is essentially a catalog of the kinds of data stored in the database. There is a schema entry definition for each type of attribute that can be associated or attached to a registry object. For example, a schema entry defines principal names as a printable character string in DCE PCS format. When you create a principal, you enter a text string that is stored in PCS format.

Using the extended registry attribute (ERA) facility, you can add schema entries that define attribute types of your choosing. These attributes are called extended attributes because they extend the registry schema. Once the extended attribute types are defined, you can attach them to a security object with the dcecp create or modify command. The extended attribute types you create are used by custom applications that run in conjunction with DCE and are passed to those applications for processing. For example, if you work with an MVS application that requires a user's MVS name, you could establish an MVS name extended attribute that is stored in the registry. The MVS name can then be passed to the MVS application for appropriate processing.

If a principal has extended attributes, these attributes are carried with the Extended Privilege Attribute Certificate (EPAC) obtained when the principal is authenticated.

In this guide, attribute type refers to the schema entry that defines an extended attribute type. Attribute instance refers to an attribute that is attached to a registry object and has a value.

This topic describes how to create and maintain attribute types and attribute instances. It begins first with a discussion of the xattrschema object; then it describes how to define attribute types and attach attributes to objects.