/Management/ACL permissions

Use this object to do high-level ACL management tasks that can affect the security policy for the domain.

Permission    Operation
d (delete)    Delete an existing ACL policy.
m (modify)    Create an ACL policy.
v (view)      List and find view ACLs; show ACL details. This permission must be in an entry of an ACL attached to the /Management/ACL object.

The acl find command shows the list of protected resources where this ACL is attached. You must have the view (v) permission on those protected resources before they can be shown.

Create ACL administrator entries in the effective ACL policy for the /Management/ACL object. The ACL entry of an administrator might contain any of the permissions listed in the table. These permissions give the administrator powers to create, view, and delete ACL policies.

An ACL administrator cannot modify an existing ACL unless there is an entry in that ACL for the administrator containing the control (c) permission. Only the owner of an ACL can modify its entries.

The creator of a new ACL policy (m on /Management/ACL) becomes the first entry in that ACL with the TcmdbsvaBIR permissions set by default.

For example, if sec_master is an administrator entry in the default-management ACL, with m permission, sec_master can create an ACL policy. User sec_master becomes the first entry in the new ACL, with TcmdbsvaBIR permissions.

Ownership of the default-management ACL itself is given to the iv-admin group by default.
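
The following Python model is an added example, not product code: it encodes only the rules stated in this topic so that the separation between permissions on /Management/ACL and the control (c) permission inside an individual ACL can be tested. The AclModel class, the acl_admin user, and the resource_perms input are hypothetical, and only user entries with one-letter permissions are modeled.

```python
# Simplified model of the rules stated in this topic; not product code.
# Assumptions: user entries only (no groups), one-letter permissions.
CREATOR_DEFAULT = "TcmdbsvaBIR"  # permissions of the creator's first entry

class AclModel:
    def __init__(self, management_acl):
        self.management_acl = management_acl  # {user: perms} on /Management/ACL
        self.acls = {}                        # ACL name -> {user: perms}
        self.attachments = {}                 # ACL name -> [protected resource]

    def _require(self, user, perm, task):
        if perm not in self.management_acl.get(user, ""):
            raise PermissionError(f"{user} needs {perm} on /Management/ACL to {task}")

    def create(self, user, name):
        self._require(user, "m", "create an ACL policy")
        self.acls[name] = {user: CREATOR_DEFAULT}  # creator is the first entry
        self.attachments[name] = []

    def delete(self, user, name):
        self._require(user, "d", "delete an ACL policy")
        del self.acls[name], self.attachments[name]

    def set_entry(self, user, name, target, perms):
        # Editing an existing ACL depends on c in that ACL, not on /Management/ACL.
        if "c" not in self.acls[name].get(user, ""):
            raise PermissionError(f"{user} has no entry with c in {name}")
        self.acls[name][target] = perms

    def find(self, user, name, resource_perms):
        # resource_perms: {resource: {user: perms}} effective on each resource.
        self._require(user, "v", "find an ACL policy")
        return [r for r in self.attachments[name]
                if "v" in resource_perms.get(r, {}).get(user, "")]

def allowed(action, *args):
    """Return True if the call succeeds, False if the model denies it."""
    try:
        action(*args)
        return True
    except PermissionError:
        return False

if __name__ == "__main__":
    m = AclModel({"sec_master": "m", "acl_admin": "dv"})  # constructed entries
    m.create("sec_master", "test-acl")
    print(m.acls["test-acl"])
    print(allowed(m.set_entry, "acl_admin", "test-acl", "acl_admin", "Tc"))
```

In the model, acl_admin can delete and find ACL policies but cannot change the entries of test-acl, because the only entry in that ACL with the c permission belongs to its creator.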
