Sparse security policy model

To secure network resources in a protected object space, each object must be protected by security policy. We can assign security policy to an object in one of following ways:

• Attach an explicit security policy on the object.
• Allow the object to inherit its security policy from a preceding container object in the hierarchy.

Adopting an inherited security scheme can greatly reduce the administration tasks for a domain. This section describes the concepts of inherited, or sparse security policies.

• Security policy inheritance
  
• default-root ACL policy
  
• Control permission
  
• Traverse permission
  
• Resolution of an access request
  
• Application of ACL policies to different object types
  
• ACL policy inheritance example
  

Parent topic: Default security policy