Type attribute
The type attribute of an ACL entry identifies the user, group, or special entity to which that entry applies.
The following types are supported:
- user
  Sets permissions for a specific user in a domain. The user must be a member of the domain with an account in the registry. The user entry type requires a user name (ID). The entry format is:

      user ID permissions

  as shown in the following example:

      user anthony -------T-----r-

- group
  Sets permissions for all members of a specific group in a domain. The group entry type requires a group name (ID). The entry format is:

      group ID permissions

  as shown in the following example:

      group engineering -------T-----r-

- any-other
  Sets permissions for all authenticated users. No ID designation is required. The entry format is:

      any-other permissions

  as shown in the following example:

      any-other -------T-----r-

  The any-other entry type is also known as any-authenticated.

- unauthenticated
  Sets permissions for those users who are not authenticated by the policy server. No ID attribute is required in the ACL entry. The entry format is:

      unauthenticated permissions

  as shown in the following example:

      unauthenticated -------T-----r-

  This ACL entry is a mask (a bitwise AND operation) against the any-other ACL entry to determine the action set. A permission for unauthenticated is granted only if the permission also appears in the any-other entry.

  For example, when unauthenticated has read and write permissions and any-other has traverse and read permissions, the resulting action set is read only. This example is shown in the following equation:

        unauthenticated   -------------rw
      + any-other         -------T-----r-
      -----------------------------------
                          -------------r-
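The following Python code is an added example, not part of the original documentation or the product's own code. It parses entries in the format shown above, applies the unauthenticated mask against any-other, and reports permissions set on unauthenticated that the mask removes. It assumes permission strings are fixed-width and positional, with "-" for an unset bit; all function names are hypothetical.

```python
# Added example (not product code). Assumption: permission strings are fixed-width
# and positional, with "-" for an unset bit, as in the entries shown above.
ID_TYPES = {"user", "group"}                    # entry types that require an ID
NO_ID_TYPES = {"any-other", "unauthenticated"}  # entry types without an ID
ALIASES = {"any-authenticated": "any-other"}    # alternate name given on the page

# Constructed sample ACL built from the page's example entries.
SAMPLE_ACL = [
    "user anthony -------T-----r-",
    "group engineering -------T-----r-",
    "any-other -------T-----r-",
    "unauthenticated -------------rw",
]

def parse_entry(line):
    """Split one ACL entry into (type, ID or None, permissions)."""
    fields = line.split()
    if not fields:
        raise ValueError("empty ACL entry")
    etype = ALIASES.get(fields[0], fields[0])
    if etype in ID_TYPES and len(fields) == 3:
        return etype, fields[1], fields[2]
    if etype in NO_ID_TYPES and len(fields) == 2:
        return etype, None, fields[1]
    raise ValueError(f"malformed ACL entry: {line!r}")

def apply_mask(unauth, any_other):
    """Bitwise AND by position: a bit survives only if both entries set it."""
    if len(unauth) != len(any_other):
        raise ValueError("permission strings differ in width")
    return "".join(u if u == a and u != "-" else "-"
                   for u, a in zip(unauth, any_other))

def unauthenticated_actions(lines):
    """Return (effective action set, bits set on unauthenticated but masked out)."""
    perms = {}
    for line in lines:
        etype, _ident, bits = parse_entry(line)
        if etype in NO_ID_TYPES:
            perms[etype] = bits
    width = len(next(iter(perms.values()), ""))
    # A missing entry grants nothing, so treat it as all bits unset.
    unauth = perms.get("unauthenticated", "-" * width)
    any_other = perms.get("any-other", "-" * width)
    effective = apply_mask(unauth, any_other)
    dropped = "".join(u for u, e in zip(unauth, effective) if u != "-" and e == "-")
    return effective, dropped

if __name__ == "__main__":
    print(unauthenticated_actions(SAMPLE_ACL))
```

A non-empty second value marks permissions that appear on the unauthenticated entry but never take effect, which is worth flagging in an ACL review because a later change to any-other would silently activate them.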