Glossary

Access Control List

Access Control List (ACL): Security
Security: Data that controls access to a protected object. An ACL specifies the privilege attribute(s) needed to access the object and the permissions that can be granted, with respect to the protected object, to principals that possess such privilege attribute(s).

Access Control List (ACL): DFS
DFS: The following ACL permissions are defined for file system objects:

1. read (abbreviated r): allows you to read a file or, with x, list a directory and the ACLs of its objects.

2. write (abbreviated w): allows you to modify a file or, with i, add a new object to a directory or, with d, remove an object from a directory.

3. execute (abbreviated x): allows you to execute a file or, with r, list a directory and the ACLs of its objects.

4. control (abbreviated c): allows you to modify a file's ACLs or a directory's ACLs.

5. insert (abbreviated i): with w, allows you to add a new object to a directory or, with w and d, rename an object in a directory.

6. delete (abbreviated d): with w, allows you to remove an object from a directory or, with w and i, rename an object in a directory.

Access Control List (ACL): CDS
CDS: The following ACL permissions are defined for CDS

1. read (abbreviated r): allows a principal to look up a name and view the attribute values associated with it.

2. write (abbreviated w): allows a principal to change the modifiable attributes associated with a name, except its ACLs.

3. insert (abbreviated i): (for use with directory entries only) allows a principal to create new names in a directory.

4. delete (abbreviated d): allows a principal to delete a name from the namespace.

5. test (abbreviated t): allows a principal to test whether an attribute of a name has a particular value without being able to actually see any of the values (that is, without having read permission to the name). Test permission provides application programs with a more efficient way to verify a CDS attribute value. Rather than reading an entire set of values, an application can test for the presence of a particular value.

6. control (abbreviated c): allows a principal to modify the ACL entries associated with a name. Control permission is automatically granted to the creator of a CDS name.

7. administer (abbreviated a): (for use with directory entries only) allows a principal to issue cdscp commands that control the replication of directories.

Access Control List (ACL): GDS
GDS: A recurring attribute of an entry for specifying the access authorization for an object. The following ACL permissions are defined for GDS:

1. MODIFY PUBLIC: specifies the user, or subtree of users, that can modify attributes classified as public attributes.

2. READ STANDARD: specifies the user, or subtree of users, that can read attributes classified as standard attributes.

3. MODIFY STANDARD: specifies the user, or subtree of users, that can modify attributes classified as standard attributes.

4. READ SENSITIVE: specifies the user, or subtree of users, that can read attributes classified as sensitive attributes.

5. MODIFY SENSITIVE: specifies the user, or subtree of users, that can modify attributes classified as sensitive attributes.