An ACL consists of the following:
· An ACL manager type identifier, which identifies the manager type of the ACL.
· A default cell identifier, which specifies the cell of which a principal or group identified as local is assumed to be a member. A DCE global pathname is necessary to specify a principal or a group from a nondefault cell; this consists of a pair of UUIDs representing the principal or group, and the cell of which it is a member. It is necessary to use the ID Map API to convert the global print string names of foreign principals and groups to the UUID representations that DCE ACL managers use. (Refer to The ID Map API for more information on this subject.)
· At least one ACL entry.
The rest of this topic discusses ACLs primarily from a user-interface point of view, since this perspective provides an orientation to the discussion of the ACL API in this part.