Type attribute
The type attribute of an ACL entry identifies the user, group, or special entity that the entry applies to. Supported types:
- user
- Set permissions for a specific user in a domain. The user must be a member of the domain with an account in the registry. The user entry type requires a user name (ID). The entry format is user ID permissions:
user anthony -------T-----r-
- group
- Set permissions for all members of a specific group in a domain. The group entry type requires a group name (ID). The entry format is group ID permissions:
group engineering -------T-----r-
- any-other
- Set permissions for all authenticated users. No ID designation is required. The entry format is any-other permissions:
any-other -------T-----r-
The any-other entry type is also known as any-authenticated.
- unauthenticated
- Set permissions for users not authenticated by the policy server. No ID attribute is required in the ACL entry. The entry format is unauthenticated permissions:
unauthenticated -------T-----r-
This ACL entry is a mask (a bit-wise AND operation) against the any-other ACL entry to determine the action set. A permission for unauthenticated is granted only if the permission also appears in the any-other entry. For example, when unauthenticated has read and write permissions and any-other has traverse and read permissions, the resulting action set is read only. This example is shown in the following equation:
  unauthenticated  -------------rw
+ any-other        -------T-----r-
= action set       -------------r-
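The following added example (not product code) parses entries in the four formats above and applies the unauthenticated mask, also reporting permissions that the unauthenticated entry lists but the mask removes. It assumes whitespace-separated fields, single-token IDs, and equal-width positional permission strings; all function names are hypothetical.

```python
# Added example, not product code. Assumptions: whitespace-separated fields,
# single-token IDs, and equal-width positional permission strings in which
# "-" means "not granted", as in the entries shown on this page.
ID_TYPES = {"user", "group"}                    # entry types that require an ID
NO_ID_TYPES = {"any-other", "unauthenticated"}  # entry types that take no ID
ALIASES = {"any-authenticated": "any-other"}    # alternate name given on the page

def parse_entry(line):
    """Return (type, id_or_None, permissions) for one ACL entry line."""
    fields = line.split()
    if not fields:
        raise ValueError("empty ACL entry")
    etype = ALIASES.get(fields[0], fields[0])
    if etype in ID_TYPES and len(fields) == 3:
        return etype, fields[1], fields[2]
    if etype in NO_ID_TYPES and len(fields) == 2:
        return etype, None, fields[1]
    raise ValueError(f"malformed ACL entry: {line!r}")

def mask(unauth, any_other):
    """Keep a permission only where both strings grant it (bit-wise AND)."""
    if len(unauth) != len(any_other):
        raise ValueError("permission strings differ in width")
    return "".join(u if u != "-" and u == a else "-"
                   for u, a in zip(unauth, any_other))

def unauthenticated_action_set(acl_lines):
    """Return (effective, dropped) permissions for unauthenticated users."""
    perms = {}
    for line in acl_lines:
        etype, _ident, p = parse_entry(line)
        if etype in NO_ID_TYPES:
            perms[etype] = p
    unauth = perms.get("unauthenticated")
    if unauth is None:
        return "", ""  # assumption: no unauthenticated entry grants nothing
    # A missing any-other entry is treated as an all-"-" mask (nothing passes).
    any_other = perms.get("any-other", "-" * len(unauth))
    effective = mask(unauth, any_other)
    dropped = "".join(u for u, e in zip(unauth, effective) if u != e)
    return effective, dropped

# Constructed sample ACL built from the entry formats shown on this page.
SAMPLE_ACL = [
    "user anthony -------T-----r-",
    "group engineering -------T-----r-",
    "any-other -------T-----r-",
    "unauthenticated -------------rw",
]
```

A non-empty second return value flags an ACL whose unauthenticated entry lists permissions that never take effect, which is worth reviewing because a later change to any-other would silently enable them.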