HP Distributed Print Service Administration Guide
Chapter 8 239
Managing DCE Security for HPDPS
Giving Your DCE Groups Permissions to HPDPS Objects
PhysPrt1 cannot inherit and will not grant the new permissions. There
are two ways to make PhysPrt1 grant the new permissions:
1. You can set the new permissions on the PhysPrt1 entry individually.
2. You can delete PhysPrt1, grant the new permissions to the printer
directory, and then create PhysPrt1 again. Its entry in the security
directory will then inherit the new permissions from the
/.:/pdsec/Super203/printer directory.
As you can see, DCE permissions can only be made to propagate
downward if the entries you want to affect have not yet been created;
they are created when their corresponding HPDPS object is created. For
this reason, before you go on to create any more objects, decide to which
groups the objects should grant permissions. Then you can choose at
which level in the security directory to manipulate permissions.
Setting the Default Permissions Granted by a Server and All Its Objects
The fastest way to create default permissions for one or more servers and
every object contained in the servers is to set permissions at the initial
object (IO) and initial container (IC) access control list (ACL) of
the /.:/pdsec directory before you create the servers. The ACLs of the
servers that you subsequently create will inherit these permissions.
The word "container" in the IC permissions refers to the entries in the
DCE namespace that can contain other entries. The /.:/pdsec directory
is a container. Each server entry (that is, subdirectory) is a container and
the printer and queue entries also are containers. The last entry in the
directory for the HPDPS printer object PhysPrt1 is not a container.
Figure 8-1 shows how DCE permissions propagate.
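The create-time inheritance described above can be checked with a small model. This is an added example, not HPDPS or DCE code: the Entry class, the group names, and the permission strings are constructed for illustration, and the copy rules are a simplified reading of the IC/IO behavior this section describes.

```python
# Simplified model of DCE ACL inheritance (added illustration, not HPDPS code).
# Group names and permission strings are constructed sample values.
class Entry:
    def __init__(self, name, container, acl=None, ic=None, io=None):
        self.name, self.container = name, container
        self.acl = dict(acl or {})  # object ACL: what this entry itself grants
        self.ic = dict(ic or {})    # initial container ACL, given to new containers
        self.io = dict(io or {})    # initial object ACL, given to new non-containers
        self.children = {}

    def create(self, name, container):
        """Create a child entry; ACLs are copied from the parent once, at creation."""
        if not self.container:
            raise ValueError(f"{self.name} is not a container")
        if container:
            # A new container takes the parent's IC ACL as its own ACL and
            # carries the IC and IO defaults down to its future children.
            child = Entry(name, True, acl=self.ic, ic=self.ic, io=self.io)
        else:
            # A new non-container takes the parent's IO ACL as its own ACL.
            child = Entry(name, False, acl=self.io)
        self.children[name] = child
        return child

    def delete(self, name):
        del self.children[name]


def demo():
    pdsec = Entry("/.:/pdsec", True)
    # Defaults are set on /.:/pdsec BEFORE any server exists.
    pdsec.ic = {"group:print_admins": "rwd"}
    pdsec.io = {"group:print_admins": "rwd"}
    server = pdsec.create("Super203", container=True)
    printer_dir = server.create("printer", container=True)
    phys = printer_dir.create("PhysPrt1", container=False)
    at_creation = dict(phys.acl)

    # A later change on the printer directory does not reach the existing entry.
    printer_dir.io["group:operators"] = "r"
    after_change = dict(phys.acl)

    # Second method from the text: delete PhysPrt1 and create it again.
    printer_dir.delete("PhysPrt1")
    recreated = printer_dir.create("PhysPrt1", container=False)
    return at_creation, after_change, dict(recreated.acl)
```
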