Chapter 1 Overview of File Services 21
Access Control Entries
An access control entry (ACE) is an entry in an ACL that specifies, for a group or a user,
access permissions to a file or folder, and the rules of inheritance.
What’s Stored in an ACE
An ACE contains the following fields:
• User/Group
• Permission Type
• Permission
• Inherited
User/Group
An ACE stores a universally unique ID for a group or user, which permits unambiguous
resolution of identity.
Permission Type
An ACE supports two permission types:
• Allow—If you choose Allow, you grant permissions by selecting them in Workgroup
Manager.
• Deny—If you choose Deny, you withhold permissions by deselecting them in
Workgroup Manager.
Permission
This field stores the settings for the 13 permissions supported by the Apple ACL model.
Inherited
This field specifies whether the ACE is inherited from the parent folder.
Explicit and Inherited ACEs
Workgroup Manager supports two types of ACEs: explicit ACEs and inherited ACEs.
Explicit ACEs are the ones you create in an ACL (see “Adding ACEs to ACLs” on page 44).
Inherited ACEs are ACEs that you created for a parent folder and that a descendant
file or folder has inherited.
To help you tell the difference between explicit and inherited ACEs, Workgroup
Manager displays inherited ACEs as dimmed entries.
Note: Inherited ACEs cannot be edited unless you make them explicit. Workgroup
Manager allows you to convert an inherited ACE to an explicit ACE. See “Making a
Folder’s Inherited ACE Entries Explicit” on page 46 for more information.
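The four ACE fields and the explicit/inherited distinction described above can be audited from the command line as well as in Workgroup Manager. The following is an added example, not part of the original guide: it assumes the text layout that `ls -le` prints for an ACL (which shows account names rather than the stored unique ID), and the sample listing, account names, and function names are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout assumed for `ls -le` output on a folder
# with an ACL; the folder and the account names are made up.
SAMPLE = """\
drwxr-xr-x+ 4 admin  staff  136 Jan  1 12:00 Projects
 0: user:jsmith deny delete
 1: group:design allow list,add_file,search,file_inherit,directory_inherit
 2: group:staff inherited allow list,search,readattr
 3: user:guest inherited deny add_file,delete
"""

ACE_LINE = re.compile(
    r"^\s*(?P<index>\d+):\s+(?P<kind>user|group):(?P<name>.+?)\s+"
    r"(?P<inherited>inherited\s+)?(?P<type>allow|deny)\s+(?P<perms>\S+)\s*$"
)

@dataclass(frozen=True)
class Ace:
    index: int
    kind: str          # User/Group field: "user" or "group"
    name: str
    ptype: str         # Permission Type field: "allow" or "deny"
    perms: frozenset   # Permission field, as the names shown in the listing
    inherited: bool    # Inherited field

def parse_aces(listing):
    """Return the ACEs found in the listing text, in listing order."""
    aces = []
    for line in listing.splitlines():
        m = ACE_LINE.match(line)
        if m:  # the mode/owner/name header line does not match and is skipped
            aces.append(Ace(int(m["index"]), m["kind"], m["name"], m["type"],
                            frozenset(m["perms"].split(",")),
                            m["inherited"] is not None))
    return aces

def editable_in_place(aces):
    """Explicit ACEs; inherited ones must be made explicit before editing."""
    return [a for a in aces if not a.inherited]

def inherited_denies(aces):
    """Deny entries that came from a parent folder rather than this item."""
    return [a for a in aces if a.inherited and a.ptype == "deny"]

if __name__ == "__main__":
    for ace in parse_aces(SAMPLE):
        tag = "inherited" if ace.inherited else "explicit"
        print(f"{ace.index}: {ace.kind}:{ace.name} {ace.ptype} [{tag}] {sorted(ace.perms)}")
```
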
Understanding Inheritance
ACL inheritance lets you determine how permissions pass from a folder to all its
descendants.