Software Distributor Administration Guide HP-UX 11i v1, 11i v2, and 11i v3 (5900-2488, September 2012)
9.5.3.4 Product ACLs
Product ACLs only apply to products on depots. Products on roots are protected by the root’s ACL.
There are two classes of principals that are granted access rights to products:
Table 42 Product Principals
Granted various administrative permissions. This class includes groups and others, both local
and remote.
users
Target systems (agent/daemons) granted read permissions to allow product installation.hosts
Permissions on products are:
Table 43 Product Permissions
Permission to users to change and delete the product and/or product information.w (write)
Permission granted to target_hosts to read the source-depot product. (that is, grant permission
to a remote system to install the protected product).
r (read)
Permission to edit or change the ACL.c (control)
Permission to test access to an object.t (test)
A sample product ACL that grants user swadm and the creator of the product all permissions and
allows open read permission (allowing free distribution to all systems) would be:
user:swadm:crw
object_owner:crw
any_other:-r-
NOTE: When a product object is created, it is automatically protected by a default ACL from
the depot/root source or, absent that, one from the host.
9.5.4 ACL Templates
There are two ACLs that are used to create the initial ACLs that protect newly created objects:
product ACL templates (global_product_template or product_template) and container
ACL templates (global_soc_template).
Figure 56 ACL Templates
When a product is put into a depot with swcopy or swpackage, SD-UX uses a product ACL
template (provided by the depot that contains that product) to define the initial permissions of the
new product’s ACL.
SD-UX uses the product ACL template of the host system (global_product_template) to
initialize the product ACL template of the new depot and uses the container ACL template of the
host system (global_soc_template) to initialize depot and root ACLs.
9.5 ACL Entries 159