The DCE authorization protocol is based in part on the UNIX file-protection model, but is extended with ACLs. An ACL is a list of access control entries that protects an object. Each entry in the ACL specifies a set of permissions. Usually, most of the entries in the ACL specify a privilege attribute (such as membership in a group) and the set of permissions that may be granted to the principal(s) that possess that privilege attribute. Some other entries specify a set of permissions that may mask the permission set in a privilege attribute entry.
Every ACL is managed by an ACL manager type. An ACL manager type determines a principal's authorization to perform an operation on an object by reading the object's ACL to find the appropriate entry (or entries) that matches some privilege attribute possessed by the principal. If the type of access requested by the principal is one of the permissions listed in the matching entry, and assuming no applicable mask entry denies that permission, then the ACL manager type allows the principal to perform the requested operation. If the requested permission is not listed in the matching ACL entry, or is denied by a mask, permission to perform the operation is denied. Permission to perform the operation is also denied if the ACL contains no matching privilege attribute entry.
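The evaluation rule described above, as an added illustration that is not DCE's own ACL manager code: a principal's matching entries are found by privilege attribute (user name or group membership), a mask entry is applied to the matching entry's permissions, and the absence of any matching entry is a denial. The entry kinds, the rule that a mask applies to all entries of one kind, and the union over several matching entries are assumptions of this model; permissions are the single-letter print strings used in DCE (r, w, x).

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Entry:
    kind: str         # privilege-attribute type: "user" or "group" (assumed set of kinds)
    name: str         # print-string name of the principal or group
    perms: frozenset  # permissions that may be granted to holders of the attribute

@dataclass
class Acl:
    entries: list
    # Mask entries, modelled as: entry kind -> permissions allowed through (assumption).
    masks: dict = field(default_factory=dict)

@dataclass(frozen=True)
class Principal:
    name: str
    groups: frozenset  # privilege attributes held: group memberships

def effective_perms(acl, principal):
    """Permissions the ACL manager would allow this principal after masking."""
    granted = set()
    for e in acl.entries:
        if e.kind == "user" and e.name == principal.name:
            matched = e.perms
        elif e.kind == "group" and e.name in principal.groups:
            matched = e.perms
        else:
            continue  # entry's privilege attribute is not possessed by the principal
        mask = acl.masks.get(e.kind)
        # A mask entry removes permissions from the matching entry; it never adds any.
        granted |= matched if mask is None else matched & mask
    return frozenset(granted)  # empty set means no matching entry: access denied

def is_authorized(acl, principal, perm):
    return perm in effective_perms(acl, principal)

# Constructed sample ACL: alice has full access; "devs" may read and write but a
# mask on group entries lets only "r" through; "audit" may read.
SAMPLE_ACL = Acl(
    entries=[
        Entry("user", "alice", frozenset("rwx")),
        Entry("group", "devs", frozenset("rw")),
        Entry("group", "audit", frozenset("r")),
    ],
    masks={"group": frozenset("r")},
)
```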
Unlike UNIX file permissions, DCE ACLs are not limited to the protection of file system objects such as files, directories, and devices. ACLs may also control access to non-file-system objects, such as the individual entries in a database.
Note: The implementation of DCE ACLs is aligned with POSIX P1003.6 Draft 12.
In the discussions in this topic, we use the general term name to refer to a principal, group, or cell identifier; but readers should always bear in mind that these names have two representations: as UUIDs in ACL program interfaces and as print strings in user interfaces.