- Comparison of OS-defined groups and ACL authorization
Instead of assigning users to multiple OS-defined groups, ACLs enable you to assign elements to multiple groups, which simplifies authorization administration.
- Elements and ownership
Each element in a VOB is assigned an owner (recorded as a numerical-form user identifier) and a group (recorded as a numerical-form group identifier).
- Element mode bits in an ACL-enabled VOB
Elements in ACL-enabled VOBs have both mode bits (Linux or UNIX system-style owner/group/other protections of r, w, x) and ACLs.
- Access control lists and principals
With ACLs enabled in a VOB, the access checks performed in HCL VersionVault compare a process's credentials against an effective ACL associated with an object (VOB object, element, policy, or rolemap).
- Element container protection
An element's protection is reflected in the file system ACL on its container objects.
- VOB storage pool directories
Storage pool directories in ACL-enabled VOBs are protected in the same way as in non-ACL-enabled VOBs.
- Example of element group assignment
In this example, we create a VOB owned by a single group. Then we create two sets of elements, each protected to be readable by a specific group not listed in the VOB's group list.