How Permissions Propagate to CDS Directories and Their ContentsBy creating all three ACL types (Object ACL, Initial Object Creation ACL, and Initial Container Creation ACL) for a directory, you can grant access not only to the directory itself but also to the directory's future contents and all child directories (and their contents) that may later be created. Note: Permissions do not propagate from parent cells down to child cells. You must set permissions for each child cell individually. For example, suppose you just created a new directory named /.:/sales. If you create an ACL entry of the Object ACL type that grants user Smith read permission to the /.:/sales directory, Smith can do the following: · Read the attributes associated with the /.:/sales directory. · Display the names stored in the /.:/sales directory. If you create a second ACL entry of the Initial Object Creation ACL type that grants user Smith read permission to the /.:/sales directory, Smith can do the following: · Read the attributes associated with the /.:/sales directory. · Display the names stored in the /.:/sales directory. · Read the attributes associated with all the names that you may later create in the /.:/sales directory, unless prohibited by explicit ACL modification after their creation. If you create a third ACL entry of the Initial Container Creation ACL type that also grants user Smith read permission to the /.:/sales directory, Smith can do the following: · Read the attributes associated with the /.:/sales directory. · Display the names stored in the /.:/sales directory. · Read the attributes associated with all the names that you may later create in the /.:/sales directory. · Perform all of the three preceding operations on all child directories that may later be created under the /.:/sales directory. (See Part 6 of this guide for complete information on default ACLs.)
|