ACL Managers

DCE entities expect to be able to access the ACLs on other DCE entities' objects through a standard set of DCE routines, knowing nothing more than the names of the objects. These names take the form of CDS path names.

The DCE ACL library is an implementation of the remote ACL (rdacl) interface, designed in such a way as to allow any DCE application to use it instead of having to implement the interface itself. In DCE 1.0, applications that wished to use the DCE ACL functionality had to implement the full remote interface themselves; in DCE 1.1 this is no longer true. Once an application has registered certain information with the ACL library (see The Requirements), its ACL management information will be hooked into the remote ACL implementation routines that make up the DCE ACL library.

Of course, an application still must take care of the details of storing and retrieving its ACLs (though these tasks are now made much easier by the DCE backing store library routines), setting up definitions that determine how its ACLs are interpreted, and so on. Practical examples of how to do these things can be found in the DCE sample application (fully documented in A Sample Application), which is explained in the following topics.

For more detailed information about the interfaces mentioned below, see the OSF DCE Application Development Guide - Core Components.

More:

Who Does What?

The Requirements

What is an Object?

Why Three Databases?

Object Name Resolution Routine

What is an ACL Manager?

Why Two ACL Managers?

How the ACL Library Routines Extract and Evaluate ACLs

Backing Store Database Items and Headers

Object-Indexed Store

Name-Indexed Store

ACL UUID-Indexed Store

ACL Manager Coding Example

Data Definitions

The server_get_local_principal_id Routine

The server_create_acl Routine

The server_store_acl Routine

The server_acl_mgr_setup Routine

The server_acl_mgr_close Routine

The server_rdacl_export Routine

The server_rdacl_cleanup Routine

The sample_mgmt_auth Routine

The sample_resolve_by_name Routine