Software Distributor Administrator Guide (September 2010)
Table 9-11 Product Permissions (continued)
Permission to edit or change the ACL.
c (control)
Permission to test access to an object.
t (test)
A sample product ACL that grants user swadm and the creator of the product all
permissions and allows open read permission (allowing free distribution to all systems)
would be:
user:swadm:crw
object_owner:crw
any_other:-r-
NOTE: When a product object is created, it is automatically protected by a default
ACL from the depot/root source or, absent that, one from the host.
9.5.4 ACL Templates
There are two ACLs that are used to create the initial ACLs that protect newly created
objects: product ACL templates (global_product_template or
product_template) and container ACL templates (global_soc_template).
Figure 9-2 ACL Templates
Host Object ACL
Host Object
Depot Object ACL Depot Object ACL
Root A
Root Object ACL
Root B
Root Object ACL
Master Product ACL Template
(global_product_template )
Depot A Depot B
Container ACL Template
(global_soc_template )
Product
ACL
Product
M
Product
ACL
Product
N
Product
ACL
Product
P
Product
ACL
Product
Q
M P Q N M
(Installed Products protected
by Root ACLs.)
Product ACL Template
(product_acl )
Product ACL Template
(product_acl )
When a product is put into a depot with swcopy or swpackage, SD-UX uses a product
ACL template (provided by the depot that contains that product) to define the initial
permissions of the new product’s ACL.
206 SD-UX Security