Access Authority by Class
Valid access values depend on the class the resource belongs to. The following table lists valid access values by class in the AC environment.
| Class | Valid Access Values | Lets Accessors... |
| --- | --- | --- |
| All classes | all | Perform all valid operations for the class. |
| | none | Perform no valid operations for the class. |
| ADMIN | create | Create records in this class. |
| | delete | Delete records in this class. |
| | join | Add a group to a USER record and complete the linking of a user to a group. Note: The accessor must also have modify access. |
| | modify | Modify existing records. Note: To link a user to a group (add user names to GROUP records), the accessor must also have join access. |
| | password | Change the passwords of other users. Note: This access type affects only the USER class. |
| | read | List records in this class. |
| AUTHHOST | read | Log in from an authenticated host. |
| CONNECT | read | Connect to the remote host. |
| CONTAINER | inherited | Note: Valid access values for this class are the valid values for the class of the contained objects. |
| DOMAIN | chmod | Create and delete trust relationships between one domain and another. Note: Both domains must have this access type. |
| | execute | Add or delete members from the domain. |
| | read | List domain members. |
| FILE, GFILE | chdir | Access the directory with the equivalent of read and execute permissions. |
| | chmod | Change file system modes. Note: Only applicable on UNIX hosts. |
| | chown | Change the owner of the record. |
| | control | Perform all valid operations except delete and rename. |
| | create | Create records in this class. |
| | delete | Delete records in this class. |
| | execute | Execute a program. Note: The accessor must also have read access. |
| | read | Use a file or directory without changing it. Note: On UNIX, if you want read privileges to control whether users can perform operations that obtain information about the file (such as ls -l), set the STAT_intercept configuration setting to 1. For more information, see the Reference Guide. |
| | rename | Rename to a record in this class. |
| | sec | Change the ACL of records in this class. |
| | update | Perform the combined operations of read, write, and execute. |
| | utime | Change the modification time of a file. Note: Only applicable on UNIX hosts. |
| | write | Change the file or directory. |
| HNODE | read | List records in the class. |
| | write | Edit the details of the record. |
| HOLIDAY | read | Log in during the specified holiday. |
| KMODULE | load | Load a kernel module. |
| | unload | Unload a kernel module. |
| MFTERMINAL | read | Log in from the Mainframe terminal. |
| | write | Administer from the Mainframe terminal. |
| POLICY | delete | Delete the policy. |
| | execute | Deploy the policy. |
| | read | View policy details. |
| | write | Edit the details of the record. |
| | undeploy | Perform the combined operations of delete and execute. |
| PROCESS | read | Kill the process. |
| PROGRAM, SUDO, GSUDO | execute | Execute a program. |
| REGKEY | delete | Delete a Windows registry key. |
| | read | List the contents of the Windows registry key. |
| | write | Change the Windows registry key. |
| REGVAL | delete | Delete a Windows registry value. |
| | read | Read a Windows registry value. |
| | write | Change a Windows registry value. |
| RULESET | read | View the details of the record. |
| | write | Edit the details of the record. |
| SURROGATE | execute | Surrogate to the user. |
| TCP | read | Access TCP services from remote hosts or host groups. |
| TERMINAL, GTERMINAL | read | Log in to the terminal. |
| | write | Administer the terminal. |
| UACC | inherited | Note: Valid access values for this class are the valid values for the class it is defining. |
| WINSERVICE | read | View the properties of the Windows service. |
| | start | Start the Windows service. |
| | modify | Change the properties of the Windows service. |
| | resume | Resume a paused Windows service. |
| | stop | Stop a Windows service. |
| | pause | Pause a Windows service. |
The values none and all are applicable to all classes. The value all represents the entire group of access values, other than none, for a particular class. For more information about access authority, see the Endpoint Administration Guide for your OS.