Information about groups is maintained in the Registry Database by the DCE Security Service. (See the Security Service portion of the OSF DCE Administration Guide - Core Components for complete details about creating and maintaining groups.)
Using groups allows you to assign permissions to several users at one time, rather than assigning them individually. You can create user groups or special interest groups (for example, a group of all of the people from one department or a group of people who are working on one project) and then assign that group access to the appropriate files and directories.
You can also use groups to specify individuals who are permitted to perform administrative tasks; these individuals are specified in DFS administrative lists. DFS uses administrative lists to determine who is authorized to issue commands that affect filesets and server processes. Through administrative lists, you can precisely control the security in the administrative domains in your cell. This topic does not discuss the management of administrative lists in detail. (See Using Administrative Lists and Keytab Files for details about creating and maintaining administrative lists.)
You can also specify a group as an argument with certain DFS commands. The groups specified with these commands, like those included in certain administrative lists, define users who are allowed to issue commands that affect filesets. These groups are described in the following topics.
More:
Creating and Maintaining Groups
Using Groups with ACLs, Administrative Lists, and Commands
Suggestions for Administrative Groups