Overview - Using Access Control Lists
You can control access to DCE objects by using the ACL authorization mechanism. ACLs are associated with files, directories, CDS entries, and registry objects. They can also be implemented by arbitrary applications to control access to their internal data objects. Each ACL consists of multiple ACL entries that define who is authorized to do what to the object, specifically:
· Who can access the object
· What kinds of access those principals or groups have to the object
· What kind of access is allowed to unauthenticated users
This topic:
· Provides an overview of ACLs.
· Describes the form and purpose of ACL entries and masks, including the sequence in which entries are checked to derive permissions.
· Describes how to use the DCE control program (dcecp) to display, create, modify, and delete ACL entries; to use masks; to copy ACLs; and to edit different types of ACLs.
For detailed information on how a specific DCE component implements the ACL authorization mechanism, see the appropriate part of this guide.
Note: In the discussions of DCE authorization in this topic and the topics that follow, the term user is analogous to principal. A principal can be a human user, a server, or a machine.