ACLs and POPs must attach to lower-case object names

When a junction is created with the -w or -i option, WebSEAL performs ACL and POP comparisons as not case-sensitive. This means the name of any object being evaluated for an ACL is placed into lowercase before WebSEAL checks it against the object list to which ACLs are attached.

As a result, protected objects with names that contain uppercase letters are not found during the ACL or POP checks. If these objects are not found, the ACL or POP is not applied to the protected object, and the parent policy is applied instead.

To avoid the possible misapplication of policy in this configuration, we must create lowercase versions of the same names of the real protected objects to which we want to attach explicit ACLs or POPs.

Parent topic: Junctions to Windows file systems