As a rule, DCE Security Service interfaces are local client-side APIs only. The access control list (ACL) facility includes this kind of interface, and some others as well, as follows:
· The DCE client ACL interface, sec_acl_*( ), is a local interface that calls a client-side implementation of the ACL network interface. It enables clients to browse or edit DCE ACLs.
· The DCE server ACL manager library, dce_acl_*( ), enables servers to perform DCE-conformant authorization checks at runtime. This ACL library provides an implementation of the ACL manager interface and the ACL network interface. It supports the development of ACL managers for DCE servers.
· The DCE ACL network interface, rdacl_*( ), enables servers that manage access control to communicate with sec_acl-based clients.
The following figure provides a schematic view of the relationships and usage of these interfaces, as well as some relevant RPC interfaces. This topic first discusses the client API, and then the two server program interfaces.
ACL Program Interfaces