If the client's request is determined to be properly authorized, then the requested operation can proceed.
Note that this step and steps D3 and D4 (as discussed in Overview of DCE Application Development Steps) are somewhat intertwined. Something like the following could occur:
1. The server wakes up in some routine defined in its manager code. For example, if the client executed the call my_rpc_op( ), then the server will wake up in the routine that implements this remote call.
2. Execution of the my_rpc_op( ) routine requires the insert privilege for the application's database my_database. So my_rpc_op( ) begins by checking the client's relevant privilege attribute by making an internal call to the application's ACL manager.
3. If the client is found to have the requisite privilege, my_rpc_op( ) proceeds.
The remote procedure executed in this step is written by the application developer.