There are certain situations in which it is desirable to put restrictions on who has access to which objects. DCE ACLs provide a richer and more flexible set of entry types and permissions than the ones available in standard operating systems.
For example, DCE ACLs provide the following categories:
· Specific named users in the ACL's home cell and other cells.
· Specific groups in the home cell and other cells.
· All other users from the home cell.
· All other users from named cells other than the home cell.
· All other users not referenced in any other entries.
ACLs are the only mechanism provided by DCE for users to control access to their objects. Because any user can own an object, the ability to edit ACLs is needed by all types of users including end users, application writers, and system administrators.