Manualshelf

Software Distributor Administrator Guide (September 2010)

ManualsBrandsHP ManualsSoftwareHP-UX Software Distributor
201202203204205206207208209210
In the ACL entry, these permissions are abbreviated c, t, i, w, and r. To grant all
permissions, you may use the shorthand letter a instead of the crwit to denote all
permissions.
The meaning of permissions is different for different types of objects, and the
permissions do not have to appear in any specific order. Roots do not provide product
level protection, so all permissions on products installed on roots are controlled by the
ACL protecting the root itself.
Product level protection is provided on depots in this way: the depot’s ACL protects
the depot itself while product ACLs protect the products within the depot.
The table below summarizes SD-UX object permissions and ACLs to which they may
be applied.
Table 9-6 SD-UX ACL Permission Definitions
Allows You To:Permission
Product on DepotDepotRootHost System
Edit all ACLs
c (control)
Test access to an object, read (list) the ACL itself
t (test)
N/AInsert a new
product
Insert a new productInsert a new depot
or root
i (insert)
Change productChange depotChange root or
products
Change host
w (write)
1
Read product filesList depot and
product attributes
List root and
product attributes
List depots and
roots
r (read)
2
1 Write permission means permission to change or delete the object, except the host source object may
not be deleted.
2 Read permission on containers (i.e., hosts, roots, and depots) lets a user list the container contents; on
products within depots, read permission lets a user copy or install the product.
9.5.3 Object Protection
The control of product insert and delete permissions differs between roots and depots.
The permission for anyone to insert or delete a product on a root is contained within
the root’s ACL. If you have write permission on a root, you can change or delete any
product on that root; there is NO product level control on roots.
The depot ACL controls insertion (creation) of new products, while the inserted object
has its own ACL that controls modification and deletion. This lets the creator (owner)
of a product on a depot change or delete the product without requiring the broader
write permission that could affect other users’ products on the same depot.
202 SD-UX Security