Default ACL policies
We can add entries for users, groups, any-other (any-authenticated), and unauthenticated to provide a broader range of control. These entries can better meet the requirements of your protected object space.
Users and groups with the control (c) permission own the ACL and have the power to modify the ACL entries.
A detailed description of permissions can be found in Default permissions in the primary action group.
The following default ACL policies are suggested starting points for securing management operations in a domain:
default-root ACL policy
The ACL policy for the entire object space is the default-root ACL policy. This ACL policy includes the following users and permissions:
group iv-admin TcmdbvaBR
any-other T
unauthenticated T
The default-root ACL policy is a basic policy that lets everyone traverse the object space but perform no other action. Typically, you would not need to change this setting. Use the default-root ACL policy to quickly deny access to the entire object space for an individual user or group. Consider the following entry in the default-root ACL policy:
user john -----------------
The user john has no permissions. This user cannot even traverse the root container object. The user cannot access the protected object space regardless of any permissions that are granted lower in the tree.
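As an added illustration (not product code and not part of the original documentation), the following Python sketch models why the user john entry in default-root blocks access lower in the tree, using ACL entries copied from the policies listed on this page. The evaluation order, the inheritance lookup and all function names are assumptions of this simplified model.

```python
# Simplified model of ACL evaluation; entries are copied from this page.
# Assumed rules: a user entry wins over group entries, matching group
# entries are OR-ed, any-other is the fallback for authenticated users,
# and unauthenticated is AND-ed with any-other.
ACLS = {
    "/": ["group iv-admin TcmdbvaBR", "any-other T", "unauthenticated T",
          "user john -----------------"],
    "/Management": ["group iv-admin TcmdbsvaBtNWAR",
                    "group ivmgrd-servers Ts", "any-other Tv"],
    "/Management/Replica": ["group iv-admin TcbvaBR", "group ivmgrd-servers m",
                            "group secmgrd-servers mdv", "group ivacld-servers mdv"],
    "/Management/Config": ["group iv-admin TcmdbsvaBR", "any-other Tv",
                           "unauthenticated Tv"],
}

def parse(entries):
    """Turn 'type [name] perms' lines into {(type, name): set_of_perms}."""
    acl = {}
    for line in entries:
        parts = line.split()
        name = parts[1] if parts[0] in ("user", "group") else None
        perms = parts[-1].replace("-", "")  # all dashes = no permissions
        acl[(parts[0], name)] = set(perms)
    return acl

def effective(acl, user, groups):
    """Permissions one ACL grants to a user (user=None: unauthenticated)."""
    any_other = acl.get(("any-other", None), set())
    if user is None:
        return acl.get(("unauthenticated", None), set()) & any_other
    if ("user", user) in acl:
        return acl[("user", user)]
    matched = [acl[("group", g)] for g in groups if ("group", g) in acl]
    return set().union(*matched) if matched else any_other

def governing(path):
    """Nearest ACL attached at or above path (inheritance down the tree)."""
    while path not in ACLS:
        path = path.rsplit("/", 1)[0] or "/"
    return parse(ACLS[path])

def permitted(path, perm, user=None, groups=()):
    """Require T on every container above path, then perm on path itself."""
    parts = [p for p in path.split("/") if p]
    above = ["/"] + ["/" + "/".join(parts[:i]) for i in range(1, len(parts))]
    if any("T" not in effective(governing(c), user, groups) for c in above):
        return False
    return perm in effective(governing(path), user, groups)
```

In this model, `permitted("/Management/Config", "v", "john", ["iv-admin"])` is false even though john belongs to iv-admin, because the traverse check fails at the root.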
default-management ACL policy
The default ACL policy of the /Management container object is the default-management ACL policy. At installation, this ACL policy is attached to the /Management container object in the object space. This ACL policy includes the following users and permissions:
group iv-admin TcmdbsvaBtNWAR
group ivmgrd-servers Ts
any-other Tv
default-replica ACL policy
The default ACL policy for the /Management/Replica container object is the default-replica ACL policy. This ACL policy includes the following users and permissions:
group iv-admin TcbvaBR
group ivmgrd-servers m
group secmgrd-servers mdv
group ivacld-servers mdv
default-config ACL policy
The default ACL policy for the /Management/Config container object is the default-config ACL policy. This ACL policy includes the following users and permissions:
group iv-admin TcmdbsvaBR
any-other Tv
unauthenticated Tv
default-gso ACL policy
The default ACL policy for the /Management/GSO container object is the default-gso ACL policy. This ACL policy includes the following users and permissions:
group iv-admin TcmdbvaBNR
any-other Tv
unauthenticated Tv
default-policy ACL policy
The default ACL policy for the /Management/Policy container object is the default-policy ACL policy. This ACL policy includes the following users and permissions:
group iv-admin TcmdbvaBNR
any-other Tv
unauthenticated Tv
default-domain ACL policy
The default ACL policy for the /Management/Domain container object is the default-domain ACL policy. This ACL policy includes the following users and permissions:
group iv-admin TcmdbvaBNR
group ivmgrd-servers v
default-proxy ACL policy
The default ACL policy for the /Management/Proxy container object is the default-proxy ACL policy. This ACL policy includes the following users and permissions:
group iv-admin Tcbv
group ivmgrd-servers Tg