VMS Help DCE_CDS, cdscp, DESCRIPTION, Permissions Required *Conan The Librarian (sorry for the slow response - running on an old VAX) |
CDS supports the following DCE permissions: read (r), write (w), insert (i), delete (d), test (t), control (c), and administer (a). Each permission has a slightly different meaning, depending on the kind of CDS name with which it is associated. In general, the permissions are defined as follows: Read Allows a principal to look up a name and view the attribute values associated with it. Write Permission allows a principal to change the modifiable attributes associated with a name, except the name's access control list (ACL) entries. Insert Permission (for use with directory entries only) allows a principal to create new names in a directory. Delete Permission allows a principal to delete a name from the namespace. Test Permission allows a principal to test whether an attribute of a name has a particular value without being able to actually see any of the values (that is, without having read permission to the name). Test permission provides application programs a more efficient way to verify a CDS attribute value. Rather than reading an entire set of values, an application can test for the presence of a particular value. Control Permission allows a principal to modify the ACL entries associated with a name. (Note that read permission is also necessary for modifying a CDS entry's ACLs; otherwise, acl_edit will not be able to bind to the entry.) Control permission is automatically granted to the creator of a CDS name. Administer Permission (for use with directory entries only) allows a principal to issue CDS control program commands that control the replication of directories. The creator of a name is automatically granted all permissions appropriate for the type of name created. For example, a principal creating an object entry is granted read, write, delete, test, and control permission to the object entry. A principal creating a directory is granted read, write, insert, delete, test, control, and administer permission to the directory.
|