Exceptions to enforcing permissions across junctions

Certain Verify Identity Access permissions are not enforceable across a junction. You cannot control, for example, the execution of a CGI script with the x permission, or a directory listing with the l permission. WebSEAL has no means of accurately determining whether or not a requested object on a back-end server is, for example, a CGI program file, a dynamic directory listing, or a regular HTTP object.

Access to objects across junctions, including CGI programs and directory listings, is controlled only through the r permission.