Permissions are the modes of access to a protected object. In DCE, the number and meaning of permissions with respect to the object are defined by the DCE component or DCE application to which the object belongs. For example, CDS supports r (read), w (write), i (insert), d (delete), t (test), c (control), and a (administer) permissions on directories, while DTS supports only r (read), w (write), and c (control) permissions on the DTS server principal. In other words, since each ACL component or application defines the permission meanings appropriate for the objects they control, the actual permissions and their meanings vary.
When you create an ACL entry for a user, you grant only the permissions you specify in the ACL entry to that user. If an ACL entry contains an empty permission set (indicated by dashes (-)), the users it refers to are denied access to the object. To deny a user all access to an object, create an ACL entry that contains no permissions.
See Change Permissions for help about permissions. Also see the OSF DCE documentation for the individual DCE components, or your application-specific documentation for detailed information about the permissions the components and the applications support.