ACL Interpretation
Part of the information associated with an account is a principal and a set of groups. (The groups are called a project list in this context, in honor of its Multics origin.)
Together, the principal and project list are called the privilege attributes (or client-side access control information) associated with the account.
The principal and each of the groups is represented by both a string name and a UUID. The privilege attribute UUIDs are contained in the credentials that are used in authenticated remote procedure
calls (RPCs). Servers grant access based upon the contents of credentials received in RPCs. Although servers typically reject unauthenticated RPCs, any server can support a policy of accepting
them. In that case, the server's ACL manager must support the unauthenticated mask ACL entry type so that the server can further restrict the access granted to such unauthenticated clients.
When a principal requests access to a DCE object associated with an ACL, the object's ACL manager compares the UUIDs of the principal and any groups of which the principal is a member (the
principal's privilege attributes) with the UUIDs of the principals and groups listed in the ACL entry. It does this simply by reading through the list of ACL entries. The manager grants the access
permissions in the first ACL entry (or entries in the case of groups) it finds that match any of the principal's privilege attributes. If the permissions in the matching entry allow the requested
mode of access, the principal gains access; if not, access is denied.
|