default-root ACL policy
During the installation and initial configuration of ISAM, the ACL policy for the entire object space is created and explicitly set. This ACL policy is the default-root ACL policy and includes the following users and permissions:
group iv-admin TcmdbvaBR any-other T unauthenticated T
Security Verify Access checks inheritance beginning with the root of the protected object space. If we do not explicitly set an ACL policy on any other object in the tree, the entire tree inherits this root ACL policy.
There is always an explicit ACL policy set at the root of the protected object space. An administrator can replace this ACL policy with another ACL policy that contains different entries and permission settings. However, the administrator cannot completely remove the root ACL policy. See Permissions attribute.
Parent topic: Sparse security policy model