The registry database comprises three container objects:
· principal
  Contains principal names; each name is associated with account information that is also specified here (for example, the name of the primary group).
· group
  Contains groups and the names of their member principals.
· organization
  Contains organizations and the names of their member principals.
These three objects are referred to as name domains, and each member of a domain is referred to as a PGO item. Principal items are contained in the principal domain, groups in the group domain, and organizations in the organization domain.
A principal may have a name such as /rd/writers/tom, from which you might infer that tom is a member of the group writers and the organization rd. This is not the case: the name /rd/writers/tom indicates only that tom, and the data corresponding to this principal's account (if any), reside in /rd/writers in the principal domain. There may also be a group named /rd/writers in the group domain, but the principal tom is not a member of it unless he is explicitly named in the group /rd/writers in the group domain.
Each PGO item consists of a print string name, a UUID, and a UNIX number (for compatibility with UNIX system security interfaces). For various administrative reasons, it is frequently convenient to be able to refer to a PGO item by more than one name. Consequently, some PGO items are aliases for other items. An alias uses the same UUID and UNIX number as the PGO item to which it refers, but contains only a pointer to that item.
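The two points above (membership is explicit, never implied by a principal's pathname, and an alias shares its target's UUID and UNIX number) can be seen in a small in-memory model. This is an added example, not DCE code or the registry API; the class and function names, the alias name /rd/tom, and the UNIX numbers are constructed for illustration.

```python
from uuid import UUID, uuid4
from dataclasses import dataclass

@dataclass
class PGOItem:
    name: str            # print string name, e.g. /rd/writers/tom
    uuid: UUID
    unix_num: int        # constructed sample values below
    alias_of: str = ""   # set only on aliases: pointer to the primary item

class Registry:
    """Toy model of the three name domains (hypothetical, not the DCE API)."""
    def __init__(self):
        self.domains = {"principal": {}, "group": {}, "organization": {}}
        self.members = {"group": {}, "organization": {}}  # container -> member names

    def add(self, domain, name, unix_num):
        item = PGOItem(name, uuid4(), unix_num)
        self.domains[domain][name] = item
        return item

    def add_alias(self, domain, alias, target):
        t = self.resolve(domain, target)
        # An alias reuses the target's UUID and UNIX number and only points at it.
        item = PGOItem(alias, t.uuid, t.unix_num, alias_of=t.name)
        self.domains[domain][alias] = item
        return item

    def resolve(self, domain, name):
        item = self.domains[domain][name]
        return self.domains[domain][item.alias_of] if item.alias_of else item

    def add_member(self, domain, container, principal):
        if principal not in self.domains["principal"] or container not in self.domains[domain]:
            raise KeyError((container, principal))
        self.members[domain].setdefault(container, set()).add(principal)

    def is_member(self, domain, container, principal):
        # Membership is an explicit entry in the group or organization domain;
        # the principal's pathname is never consulted.
        return principal in self.members[domain].get(container, ())

def demo():
    rgy = Registry()
    tom = rgy.add("principal", "/rd/writers/tom", 1001)
    rgy.add("group", "/rd/writers", 200)
    before = rgy.is_member("group", "/rd/writers", "/rd/writers/tom")
    rgy.add_member("group", "/rd/writers", "/rd/writers/tom")
    after = rgy.is_member("group", "/rd/writers", "/rd/writers/tom")
    alias = rgy.add_alias("principal", "/rd/tom", "/rd/writers/tom")
    return before, after, (alias.uuid, alias.unix_num) == (tom.uuid, tom.unix_num)
```

An authorization check that derives group membership from a name prefix such as /rd/writers/ would return the wrong answer in the `before` case.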
The registry also contains the rgy object, which describes registry properties and policies, and organization policies.
More:
Creating and Maintaining PGO Items
Creating and Maintaining Accounts
Registry Properties and Policies
Routines to Return UNIX Structures
Miscellaneous Registry Routines