
Target and Delegate Restriction Syntax

Target and delegate restrictions are expressed as a list of values of type sec_id_restriction_t. This data type consists of a UUID and an entry type. The entry type specifies whether the UUID identifies a principal, a group, or "any other" principals (in a manner similar to the any_other ACL entry type). As with ACL entry types, the restriction entry types can refer to principals and groups from the local cell or from foreign cells.

The possible delegation entry types are as follows:

· sec_rstr_e_type_user

The target or delegate is a local principal identified by UUID.

· sec_rstr_e_type_group

The target or delegate is any member of a local group identified by UUID.

· sec_rstr_e_type_foreign_user

The target or delegate is a foreign principal identified by principal and cell UUID.

· sec_rstr_e_type_foreign_group

The target or delegate is any member of a foreign group identified by group and cell UUID.

· sec_rstr_e_type_foreign_other

The target or delegate is any principal that can authenticate to the foreign cell identified by UUID.

· sec_rstr_e_type_any_other

The target or delegate is any principal that can authenticate to any cell.

· sec_rstr_e_type_no_other

No principal can act as a target or delegate.
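
The matching rules in the list above, written out as an added example (not code from the DCE headers or from this page): it shows why a local entry must not match the same UUID presented from a foreign cell. The types uuid16, rstr_entry and identity and the R_* names are simplified stand-ins, and treating a list as matching when any one entry matches is an assumption; what an empty list means is not modelled.

```c
#include <stddef.h>
#include <string.h>
/* Simplified stand-ins for illustration; not the DCE header definitions. */
typedef struct { unsigned char b[16]; } uuid16;
typedef enum { R_USER, R_GROUP, R_FOREIGN_USER, R_FOREIGN_GROUP,
               R_FOREIGN_OTHER, R_ANY_OTHER, R_NO_OTHER } rstr_type;
/* id: principal or group UUID (the cell UUID for R_FOREIGN_OTHER);
   cell: cell UUID, read only for R_FOREIGN_USER and R_FOREIGN_GROUP. */
typedef struct { rstr_type type; uuid16 id, cell; } rstr_entry;
/* Authenticated identity being checked; groups are those held in its own cell. */
typedef struct { uuid16 cell, principal; const uuid16 *groups; size_t ngroups; } identity;

static int same(const uuid16 *a, const uuid16 *b) { return memcmp(a->b, b->b, 16) == 0; }
static int in_group(const identity *p, const uuid16 *g) {
    for (size_t i = 0; i < p->ngroups; i++)
        if (same(&p->groups[i], g)) return 1;
    return 0;
}

/* Does one entry cover identity p, evaluated in the cell local_cell? */
int entry_matches(const rstr_entry *e, const identity *p, const uuid16 *local_cell) {
    int local = same(&p->cell, local_cell);
    switch (e->type) {
    case R_USER:          return local && same(&p->principal, &e->id);
    case R_GROUP:         return local && in_group(p, &e->id);
    case R_FOREIGN_USER:  return same(&p->cell, &e->cell) && same(&p->principal, &e->id);
    case R_FOREIGN_GROUP: return same(&p->cell, &e->cell) && in_group(p, &e->id);
    case R_FOREIGN_OTHER: return same(&p->cell, &e->id);
    case R_ANY_OTHER:     return 1;
    case R_NO_OTHER:      return 0;
    }
    return 0;
}

/* Assumption: a list covers p when at least one of its entries matches. */
int list_matches(const rstr_entry *l, size_t n, const identity *p, const uuid16 *lc) {
    for (size_t i = 0; i < n; i++)
        if (entry_matches(&l[i], p, lc)) return 1;
    return 0;
}

/* Constructed sample data: cell A (0x0A) is local, cell B (0x0B) is foreign. */
static const uuid16 CELL_A = {{0x0A}}, GRP2[] = {{{2}}};
static const identity ALICE_A = {{{0x0A}}, {{1}}, GRP2, 1};  /* principal 1 in cell A */
static const identity ALICE_B = {{{0x0B}}, {{1}}, GRP2, 1};  /* same UUIDs, cell B */
static const rstr_entry ONLY_LOCAL_USER[] = {{R_USER, {{1}}, {{0}}}};
static const rstr_entry FOREIGN_GRP[] = {{R_FOREIGN_GROUP, {{2}}, {{0x0B}}}};
int main(void) {  /* exits 0 when the local-user list rejects the cell-B identity */
    return list_matches(ONLY_LOCAL_USER, 1, &ALICE_B, &CELL_A);
}
```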