[Next] [Up] [Previous] [Contents]
Next: 4.3.7 [IMAGE ]How do Up: 4.3 Administrator Previous: 4.3.5 [IMAGE ]What is

4.3.6 [IMAGE ]Where are access control lists stored?

 
change_begin

[ed. For more detailed and alternative answers see SecSIG mail list discussion thread titled ``Granularity of Invocation Access Controls'']

Bob Blakley
(June, 1999)23:
In Policy objects, which are associated with the DomainManager instance corresponding to the domain whose policy they define.
Polar Humenn
(June, 1999) 24:
If one subscribes to the D[omain]A[ccess]P[olicy]/R[equired]R[ights] access decision logic, they are stored in basically two places. A DomainAccessPolicy, which maps security attributes to rights (although that mapping is not well defined), and the RequiredRights object (which is locality constrained). I guess their persistence is up for grabs behind the implementation as far as the specifciation goes.

change_end