Application of ACL policies to different object types
We can set permissions for various operations in an ACL policy. Only a subset of these possible operations might be relevant for a specific object to which the ACL policy is attached. The reason for this behavior is related to the following Security Verify Access features that are designed to make administration easier:
- ACL policies
- ACL inheritance
Use ACL policies to apply the same set of permissions to multiple objects in the protected object space. The ACL policy contains enough permissions to meet the requirements of all objects to which the ACL applies. However, each individual object might be affected by only a few of these permissions.
In an ACL inheritance model, an object without an explicitly attached ACL policy inherits the policy definitions from the nearest ACL policy that is attached to an object above it in the hierarchy.
In summary, an ACL policy describes the necessary permissions for all object types to which it can apply, not only for the object to which it is attached.
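The following sketch is an added example, not Security Verify Access code. It models the two ideas above: resolving the governing ACL by walking up to the nearest attach point, and keeping only the permissions that matter for the object's type. The paths, ACL names, entries, permission letters and per-type permission sets are all constructed assumptions.

```python
# Toy model of a protected object space (constructed data, not product output).

# ACL policies explicitly attached to objects; most objects have none.
ATTACHED = {
    "/": "root-acl",
    "/WebSEAL": "web-acl",
    "/WebSEAL/host/payroll": "payroll-acl",
}

# Each policy maps an entry (user or group) to a string of permission letters.
POLICIES = {
    "root-acl": {"any-other": "T"},
    "web-acl": {"any-other": "Trx", "group webmasters": "Tcmdbsvarxl"},
    "payroll-acl": {"group payroll": "Trxl", "any-other": "T"},
}

# Assumed subset of operations that is meaningful for each object type.
RELEVANT = {
    "directory": set("Tl"),
    "file": set("Trx"),
}


def effective_acl(path):
    """Return (acl_name, attach_point) for the nearest ACL at or above path."""
    node = path.rstrip("/") or "/"
    while True:
        if node in ATTACHED:
            return ATTACHED[node], node
        if node == "/":
            raise LookupError("no ACL attached at the root")
        # Step up one level; the parent of a top-level object is the root.
        node = node.rsplit("/", 1)[0] or "/"


def applicable_permissions(path, object_type, entry):
    """Permissions in the governing ACL entry that affect this object type."""
    acl_name, _ = effective_acl(path)
    granted = POLICIES[acl_name].get(entry, "")
    return "".join(p for p in granted if p in RELEVANT[object_type])


if __name__ == "__main__":
    for p in ("/WebSEAL/host/payroll/reports/q1.html", "/Management/ACL"):
        print(p, "->", effective_acl(p))
```

The same `payroll-acl` entry yields different applicable permissions for a directory and for a file beneath it, which is why one policy must carry permissions for every object type it can govern.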