Initial Registry ACLsWhen the registry database is created, the principal, group, and org directories and the policy, replist, and xattrschema objects are given initial ACLs. As new objects are created in the registry, they inherit their ACLs from the principal, group, and org directory ACLs. The ACL entry key for those initial ACL entries that require a key is the name of the principal that creates the registry database (supplied to the sec_create_db command as the registry creator), or root if no name is supplied. (See Setting Up the Registry for more information on sec_create_db and the registry creator.) The initial ACLs that are created when the registry database is created are described in the following list. In the list, rgy_creator signifies the principal that is named as the registry creator. Note: Your platform's configuration tool may update these initial ACLs. · For principal objects unauthenticated:r-------- user_obj:r---f--ug user:rgy_creator:rcDnFmaug other_obj:r-------g any_other:r-------- · For group objects unauthenticated:r-t----- user:rgy_creator:rctDnfmM group_obj:r-t----- other_obj:r-t----- any_other:r-t----- · For org objects unauthenticated:r-t----- user:rgy_creator:rctDnfmM other_obj:r-t----- any_other:r-t----- · For the policy object unauthenticated:r---- user:rgy_creator:rcma other_obj:r---- any_other:r---- · For directory objects unauthenticated:r----- user:rgy_creator:rcidDn other_obj:r----- any_other:r----- · For the replist object user:cell_admin:cidmA- · For the xattrschema object unauthenticated:r----- user:cell_admin:rcidm other_obj:r----- any_other:r-----
|