
Object Types and ACL Types

The ACL facility distinguishes between two types of objects: container objects and simple objects. Container objects contain other objects, which may be simple and/or other container objects. Simple objects do not contain other objects. Examples of container objects include file-system directories and databases; examples of simple objects include files and database entries.

To protect both object types, and to enable newly created objects to inherit default ACLs from their parent container objects, the ACL facility supports two basic kinds of ACLs:

· An Object ACL is associated with either a container or a simple object, and controls access to it.

· A Creation ACL is associated with a container object only. Its function is not to control access to the container but to supply default values for the ACLs of objects created in the container. There are two types of Creation ACLs:

- An Initial Object Creation ACL supplies default values for a simple object's Object ACL and for a container object's Initial Object Creation ACL.

- An Initial Container Creation ACL supplies default values for both a container object's Object ACL and its Initial Container Creation ACL.

The following figure illustrates how ACL defaults are derived from Creation ACLs.


Derivation of ACL Defaults

Aside from the distinctions previously described, there are no differences between Object ACLs and Creation ACLs; therefore, the information about ACLs in the rest of this topic does not differentiate between them.
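The derivation rules above, modeled as an added Python example (not code from the ACL facility or from this documentation). The class and method names, the sample principals and permission strings, and the choice to copy defaults at creation time are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# An ACL is modeled as {principal: permissions}; all entries are constructed samples.
Acl = dict

@dataclass
class SimpleObject:
    object_acl: Acl              # a simple object carries only an Object ACL

@dataclass
class Container:
    object_acl: Acl              # controls access to the container itself
    initial_object_acl: Acl      # Initial Object Creation ACL
    initial_container_acl: Acl   # Initial Container Creation ACL
    children: dict = field(default_factory=dict)

    def create_object(self, name):
        # Simple object: Object ACL <- parent's Initial Object Creation ACL.
        obj = SimpleObject(object_acl=dict(self.initial_object_acl))
        self.children[name] = obj
        return obj

    def create_container(self, name):
        # Container: Object ACL and Initial Container Creation ACL come from the
        # parent's Initial Container Creation ACL; the Initial Object Creation
        # ACL comes from the parent's Initial Object Creation ACL.
        sub = Container(
            object_acl=dict(self.initial_container_acl),
            initial_object_acl=dict(self.initial_object_acl),
            initial_container_acl=dict(self.initial_container_acl),
        )
        self.children[name] = sub
        return sub

def build_sample():
    # Constructed hierarchy: root -> projects (container) -> plan.txt (simple).
    root = Container(
        object_acl={"user:admin": "rwxcid"},
        initial_object_acl={"user:admin": "rwc", "group:staff": "r"},
        initial_container_acl={"user:admin": "rwxcid", "group:staff": "rx"},
    )
    sub = root.create_container("projects")
    leaf = sub.create_object("plan.txt")
    return root, sub, leaf

if __name__ == "__main__":
    root, sub, leaf = build_sample()
    print("projects Object ACL:", sub.object_acl)
    print("plan.txt Object ACL:", leaf.object_acl)
```

In this sample the root's own Object ACL grants nothing to `group:staff`, yet everything created beneath it does, which is why Creation ACLs need the same review as Object ACLs when auditing a container.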