This example illustrates the impact of a mixture
of inherited and explicit ACL policies in the fictional ACME corporate
object space.
A corporate object space has a general security policy set at the
root object. Root is followed by the /WebSEAL container
object and individually controlled departmental subtrees.
In this example, the sales group is given ownership
of its departmental subtree. The ACL policy on this subtree no longer
acknowledges the unauthenticated or any-other entry
types.
The ytd.html file has an attached ACL policy that grants read permission to
members of the sales-vp group (who are also members of the sales
group).
Note: This ACL policy scheme does not need to be changed when users are added to or removed
from the domain. Users can be added to or removed from the existing groups.
