Permissions attribute
Each ACL entry contains a set of permissions (actions) that describes the specific operations that are permitted on the object by the user or group. Permissions are context-sensitive.
The behavior of certain permissions varies according to where the
permissions are applied. For example, the modify permission (m action
bit) behaves differently for protected resources in the /WebSEAL object
space than for protected resources in the /Management object
space.
Permissions control protected resources in the following ways:
- Determine whether a user can do operations on protected objects
- Determine whether an administrator can change security policy on the object and any object that inherits permissions
- Determine whether Verify Identity Access itself can delegate credentials for a user