Access control lists and principals

With ACLs enabled in a VOB, the access checks performed in VersionVault compare a process's credentials against an effective ACL associated with an object (VOB object, element, policy, or rolemap).

The generated effective ACL (derived from a rolemap and its implemented policy) will list users, groups, or one of the special principal kinds. The groups used in ACLs are not limited to the VOB's groups. The groups and users listed in a policy or rolemap can be any group that is known both to the VOB server's operating system and to the file system storing the VOB's elements. For example, when using NFSv4 filer storage, the VOB server and the filer both need to be able to identify the user name or group name.