The attribute type flags set in a schema entry are described in the following topics.
The Unique Flag
The unique flag specifies whether or not the value of each instance of an attribute type must be unique within the cell. For example, assume that an instance of attribute type A is attached to 25 principals in the cell. If the unique flag is set on, the value of the A attribute for each of those 25 principals must be different. If it is set off, the all 25 principals can share the same value for attribute A.
The Multivalued Flag
The multivalued flag specifies whether or not instances of the attribute can be multivalued. If an attribute is multivalued, multiple instances of the same attribute type can be attached to a single registry object. For example, if the multivalued flag is set on, a single principal can have multiple instances of attribute type A. If the flag is set off, a single principal can have only one instance of attribute type A.
All instances' multivalued attributes share the UUID (the UUID of their attribute type), but the values carried by the instances differ. Generally, to access all instances of a multivalued attribute, you supply the attribute UUID. To access a specific instance of a multivalued attribute, you supply the UUID and the value carried by that instance.
The Reserved Flag
The reserved flag indicates whether or not the attribute type can be deleted from the schema. Note that, when an attribute type is deleted, all instances of the attribute type are deleted. If the reserved flag is set on, the entry cannot be deleted. If the reserved flag is set off, authorized principals can delete the schema entry.
The Apply-Defaults Flag
The apply-defaults flag indicates whether or not default attributes should be returned when objects are queried by a client with the sec_rgy_attr_get_effective( ) call. If the apply-defaults flag is set on, defaults are applied. If it is set off, defaults are not supplied.
Defaults are determined in the following manner:
1. If the requested attribute exists on the principal, that attribute is returned. If it does not, the search continues.
2. The next step in the search depends on the type of object:
For principals with accounts:
a. The organization named in the principal's account is examined to see if an attribute of the requested type exists. If it does, it is returned and the search ends. If it does not, the search continues to the policy object as described in Step 2b.
b. The registry policy object is examined to see if an attribute of the requested type exits. If it does, it is returned. If it does not, a message indicating that no attribute of the type exists for the object is returned.
For principals without accounts, for groups, and for organizations:
The registry policy object is examined to see if an attribute of the requested type exits. If it does, it is returned. If it does not, a message indicating that no attribute of the type exists for the object is returned.