Access Control
Each user of an ACAP system has specific rights to the data stored on it. These rights are also called permissions or privileges. They define whether the user is allowed to read or write the data and whether the user can change the rights of others. Rights can be finely controlled: datasets and even attributes within an entry can have rights attached to them. As with other ACAP features, rights may be inherited from parent datasets.
Rights are stored on an ACAP server in Access Control Lists (ACLs). ACLs are stored as an attribute in the particular entry for which data is being restricted.
Rights for attributes are given as a list of values. The following characters are used to identify the rights for an attribute:
- x: Special search (see the description that follows)
- r: Read
- w: Write (change existing entries)
- i: Insert (write new entries)
- a: Administer (change rights)
Search rights and read rights are complementary but a bit confusing. Search rights give a user the ability to compare the value of one attribute or dataset with another. Read rights allow a user to search datasets with the SEARCH command.
ACAP’s SEARCH command is very powerful, as we shall see. The power of it becomes apparent when someone does a search like, “Give me contact information for all people who are in my address book who have email addresses in the netscape.com domain.” That type of complex search, which includes a comparison, takes search rights. A simple search, such as “Give me contact information for all ...
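The rights model described above can be made concrete with a small access-check sketch. This is an added example, not code from the book or from any ACAP implementation. It assumes a simplified in-memory model: a parent dataset is a path prefix, an attribute ACL overrides its dataset ACL, and a user missing from the governing ACL is denied. The dataset paths, attribute names and user names are constructed.

```python
# Simplified model of ACAP rights (assumption: not the ACAP wire format).
RIGHTS = {"x": "search (compare)", "r": "read", "w": "write",
          "i": "insert", "a": "administer"}

# Operation -> right character it requires, following the list above.
REQUIRED = {"compare": "x", "read": "r", "write": "w",
            "insert": "i", "administer": "a"}

# Constructed sample ACLs. Key: (dataset path, attribute name or None for
# the dataset as a whole). Value: user -> rights string.
ACLS = {
    ("/addressbook", None): {"alice": "xrwia"},
    ("/addressbook/user/alice", None): {"alice": "xrwia", "bob": "xr"},
    ("/addressbook/user/alice", "addressbook.Email"): {"alice": "xrwia", "bob": "r"},
}


def parse_rights(rights):
    """Validate a rights string and return it as a set of characters."""
    unknown = set(rights) - set(RIGHTS)
    if unknown:
        raise ValueError(f"unknown rights characters: {sorted(unknown)}")
    return set(rights)


def effective_rights(acls, user, dataset, attribute=None):
    """Find the most specific ACL: attribute, then dataset, then parents."""
    path = dataset.rstrip("/")
    while path:
        keys = [(path, attribute)] if attribute else []
        keys.append((path, None))
        for key in keys:
            if key in acls:
                # Assumption: a user not listed in the governing ACL gets nothing.
                return parse_rights(acls[key].get(user, ""))
        path = path.rsplit("/", 1)[0]  # inherit from the parent dataset
    return set()  # no ACL anywhere on the path: deny


def allowed(acls, user, operation, dataset, attribute=None):
    """True if the user holds the right that the operation requires."""
    return REQUIRED[operation] in effective_rights(acls, user, dataset, attribute)
```

In this sample data, bob can read alice's email attribute but cannot use it in a comparison, because the attribute ACL grants him only `r` while the dataset ACL grants `xr`.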