Software Distributor Administrator Guide (September 2010)

9.5 ACL Entries
An ACL consists of a set of entries attached to an object when it is created. These entries
define which users, groups, and hosts have permission to access the object. ACL
entries include the concept of a principal, which is the user, group, or host system (for
agents making RPCs) that originates a call to another system.
An ACL entry consists of three fields:
entry_type[:key]:permissions
For example, an ACL entry for an SD-UX object might be:
user:fred:r-ctw
This means that a user named fred can control (c), read (r), write (w), and test
(t) the object. The dash stands in place of i, so he cannot insert (create) new objects.
NOTE: You can specify crwit permissions in any order.
The ACL entry_type must be one of these values:
Table 9-3 SD-UX ACL Entry Types

Type            Permissions Apply To
user            User principal, whose name is to be specified in the key field
group           Group principal, whose name is to be specified in the key field
host            Host systems (target agents acting on behalf of users for install or copy)
other           Principals with no matching user and group entries
any_other       Principals not matching any other entry
object_owner    Owner of the object
object_group    Members of the group to which an object belongs

NOTE: The host cannot be specified in the IPv6 format. This feature is not supported
in ACL entries.
TIP: Do not confuse the host object (which is a computer system that contains depots, roots,
and software) with the host entry type (which defines permissions for access to target systems).
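
The entry format and Table 9-3 above, written as a small validator. This is an added example, not part of the SD-UX guide or its tooling. It assumes that host entries take a key like user and group do, accepts only the five permission letters named above, and treats control, write, and insert on catch-all entries as a review policy chosen for illustration; apart from the fred entry, the sample ACL is constructed.

```python
# Entry types from Table 9-3. Assumption: user, group and host carry a key
# (stated on the page for user and group, implied for host); the rest do not.
KEYED = {"user", "group", "host"}
UNKEYED = {"other", "any_other", "object_owner", "object_group"}
PERMS = "crwit"  # control, read, write, insert, test


def parse_acl_entry(entry):
    """Split 'entry_type[:key]:permissions' into (type, key, granted perms)."""
    entry_type, sep, rest = entry.strip().partition(":")
    if not sep or entry_type not in KEYED | UNKEYED:
        raise ValueError(f"bad entry type: {entry!r}")
    # The last field is the permission string; whatever precedes it is the key.
    key, sep, perms = rest.rpartition(":")
    if entry_type in KEYED and not key:
        raise ValueError(f"{entry_type} entry needs a key: {entry!r}")
    if entry_type in UNKEYED and sep:
        raise ValueError(f"{entry_type} entry takes no key: {entry!r}")
    if ":" in key:
        # Extra colons in a host key mean an IPv6 address, which is unsupported.
        raise ValueError(f"colon in key (IPv6 host?): {entry!r}")
    granted = set(perms) - {"-"}
    if not perms or not granted <= set(PERMS):
        raise ValueError(f"bad permissions: {entry!r}")
    # Letters may appear in any order; return them in canonical crwit order.
    return entry_type, key or None, "".join(p for p in PERMS if p in granted)


def broad_grants(entries, risky="cwi"):
    """Return catch-all entries (other, any_other) granting a risky permission.

    Which permissions count as risky is a policy chosen for this example.
    """
    hits = []
    for entry in entries:
        entry_type, _, perms = parse_acl_entry(entry)
        if entry_type in {"other", "any_other"} and set(perms) & set(risky):
            hits.append(entry)
    return hits


# Constructed sample ACL; only the first entry appears on the page.
SAMPLE_ACL = ["user:fred:r-ctw", "group:swadm:crwit", "host:alpha:-r---",
              "other:r---t", "any_other:wr"]

if __name__ == "__main__":
    for e in SAMPLE_ACL:
        print(parse_acl_entry(e))
    print("review:", broad_grants(SAMPLE_ACL))
```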
The user and group of the object’s owner are determined and automatically recorded
at the time the object is created (based on the identity of the person who creates it).
This information is recorded as user, group, and realm. An object_owner or