What Is a DCE Access Control List?

A DCE access control list (ACL) is an authorization mechanism by which you control access to DCE objects such as databases, user or system applications, or directories. An ACL consists of a list of ACL entries. Each entry refers to one or more users and specifies what operations those users are permitted to perform on an object.

An object is the name of a DCE resource such as a CDS directory, a CDS entry, a DTS server, a Security Registry object, or a DCE application object.

The operations a user can perform are specified by permissions. For example, a user can add a coworker to the ACL for a certain file and give the coworker read and write permission, which allows the coworker to read and write the file.

ACLs are automatically generated when objects are created; therefore, every DCE object has an associated ACL.

Some of the objects that ACLs control are managed by DCE components, such as the Distributed Time Service, the Cell Directory Service, and the Security (Registry) Service. ACLs can also be managed by any user-written application to protect access to the application itself, the files in the application, and the fields in those files.

Related Topics:

Objects and Containers

ACL Types