Registry ACL Manager
The registry ACL manager consists of five manager types, which are used to handle different ACL semantics that are required by the five types of objects in the registry. For example, the principal ACL manager type controls the ACLs on all principal objects in the registry. Because group objects require a set of permissions that are different than those of a principal object, there is a separate group ACL manager type that controls the ACLs on group objects.
Not all permissions nor all ACL entry types are valid for each ACL manager. The following table summarizes the valid and invalid permissions and the invalid ACL entry types for each ACL manager.
ACL managers and Valid Permissions and ACL Entry Types
| Manager Type | Controls |
Valid Permissions | Invalid ACL Entry Types |
| dir | directory objects | rcidDn | user_obj, group_obj |
| policy | the policy object | rcma | user_obj, group_obj |
| principal | principal objects | rcDnfmaug | group_obj |
| group | group objects | rctDnfmM | user_obj |
| org | org objects | rctDnfmM | user_obj, group_obj |
| replist | replica lists | cidmIA | user_obj, group_obj |
| xattrschema | ERA types | rcidm | user_obj, group_obj |