PreviousNext

Controlling Access to DTS

You can assign privileges that control access to DTS objects by using DCE Authorization Service Access Control Lists (ACLs).

The DTS principal that represents the server on a given system is the primary access control object for DTS. This principal has controlled access by human users and clerk or server processes. The default name that you can use for the DTS object in any dcecp command is /.:hosts/hostname/dts-entity.

The ACL for the DTS server can contain any type of ACL entry that is valid for a principal (human or process) or authorization group to which this principal belongs. See Using Access Control Lists of this guide for a discussion of the DCE ACLs facility and descriptions of ACL types and their entries.

To display the ACL entries in the DTS server principal's ACL, you can use the dcecp acl show command. For example:

dcecp> acl show /.:/hosts/Detroit2/dts-entity

{unauthenticated r--}
{user hosts/Detroit2/self rwc}
{group subsys/dce/dts-admin rwc}
{any_other r--}
dcecp>

To modify any of the entries in the DTS server principal's ACL, you can use the acl modify command. Instructions for using this command appear in Using Access Control Lists .