HELPLIB.HLB  —  DCE  DCE_CDS, cdscp  DESCRIPTION  Permissions Required
   CDS supports the following DCE permissions: read (r), write (w),
   insert (i), delete (d), test (t), control (c), and administer (a).
   Each permission has a slightly different meaning, depending on the
   kind of CDS name with which it is associated.  In general, the
   permissions are defined as follows:

   Read      Allows a principal to look up a name and view the
  	    attribute values associated with it.

   Write     Permission allows a principal to change the modifiable
             attributes associated with a name, except the name's
             access control list (ACL) entries.

   Insert    Permission (for use with directory entries only) allows a
             principal to create new names in a directory.

   Delete    Permission allows a principal to delete a name from the
             namespace.

   Test      Permission allows a principal to test whether an attribute
             of a name has a particular value without being able to
             actually see any of the values (that is, without having
             read permission to the name).

             Test permission provides application programs a more
             efficient way to verify a CDS attribute value.  Rather
             than reading an entire set of values, an application can
             test for the presence of a particular value.

   Control   Permission allows a principal to modify the ACL entries
             associated with a name.  (Note that read permission is
             also necessary for modifying a CDS entry's ACLs;otherwise,
             acl_edit will not be able to bind to the entry.)  Control
             permission is automatically granted to the creator of
 	    a CDS name.

   Administer
             Permission (for use with directory entries only) allows
 	    a principal to issue CDS control program commands that
             control the replication of directories.

   The creator of a name is automatically granted all permissions
   appropriate for the type of name created.  For example, a principal
   creating an object entry is granted read, write, delete, test, and
   control permission to the object entry.  A principal creating a
   directory is granted read, write, insert, delete, test, control,
   and administer permission to the directory.
Close Help