Access Control Lists

An access control list (ACL) is an authorization mechanism that allows you to assign permissions that control access to DCE objects. The following DCE objects are protected by ACLs:

· Principals and groups of principals managed by the Security Service

· Files and file system directories managed by the DFS

· DTS servers

· CDS directories and entries

· CDS clients and servers, which have ACLs restricting the use of their management operations (for example, creating a clearinghouse)

· GDS entries managed by GDS's own ACL mechanism, as described in the OSF DCE GDS Administration Guide and Reference

An ACL consists of multiple ACL entries that define the following:

· Who can use an object

· What operations can be performed on the object

In the filespace, ACLs are an extension of the UNIX system's file protection model. Whereas UNIX file system permissions are limited to the protection of files and directories, DCE ACLs can also control access to other objects, such as individual database entries, objects registered in the cell namespace, and objects managed by applications.