
The ACL Network Interface

The ACL network interface, rdacl_*( ), provides a DCE-common interface to ACL managers. It is the interface exported by the default DCE ACL managers to the default DCE ACL client (that is, the dcecp tool), and to any other client based on the client API.

The client API, sec_acl_*( ), is a local interface that calls a client-side implementation of the ACL network interface. The server-side implementation of this interface must conform to the rdacl_*(3sec) reference pages. The DCE ACL library provides such an implementation. Following is a summary of the rdacl_*( ) routines:

· rdacl_lookup( )

Retrieves a copy of the object's ACL.

· rdacl_replace( )

Replaces the specified ACL.

· rdacl_get_access( )

Returns a principal's permissions to an object (useful for implementing operations like the conventional UNIX system access function).

· rdacl_test_access( )

Determines whether the calling principal has the requested permission(s).

· rdacl_test_access_on_behalf( )

Determines whether the principal represented by the calling principal has the requested permission(s). This function returns TRUE if both the principal and the calling principal acting as its agent have the requested permission(s).

Note: The rdacl_test_access_on_behalf( ) routine is deprecated and should not be used in new code. Delegation has removed the need for this routine.

· rdacl_get_manager_types( )

Returns a list of manager types protecting the object.

· rdacl_get_printstring( )

Obtains human-readable representations of permissions.

· rdacl_get_referral( )

Returns a referral to an ACL update site. This function enables a client that attempts to modify an ACL at a read-only site to recover from the error and rebind to an update site.