Permissions attribute

Each ACL entry contains a set of permissions (actions) describing the specific operations permitted on the object by the user or group. Permissions are context-sensitive.

The behavior of certain permissions varies according to where the permissions are applied. For example, the modify permission (m action bit) behaves differently for protected resources in the /WebSEAL object space than for protected resources in the /Management object space. Permissions control protected resources in the following ways:

• Determine Whether a user can do operations on protected objects
• Determine Whether an administrator can change security policy on the object and any object that inherits permissions
• Determine Whether Security Verify Access itself can delegate credentials for a user

Parent topic: ACL entries