Access Control List Support

To give or deny access authority, you can use six types of access control lists:
  • ACL
    Standard access control list that contains the user names and group names authorized to access the resource and the level of access granted to each.
  • NACL
    Negative access control list that contains the user names or group names that are not authorized to access the resource.
  • PACL
    Program access control list that depends upon the accessing program. Each PACL contains the user names and group names, the level of access, and the name of the program or shell script the user must execute to access the particular resource.
  • INET-ACL
    Internet access control list.
  • CACL
    Conditional access control list.
  • AZNACL
    The authorization ACL; an ACL that allows access to a resource based on the resource description.
Privileged Access Manager uses all relevant lists when it checks a user's authority to access a resource.
You can maintain any single list with a single authorize command. To change more than one list, you must issue authorize again for each additional list. One authorization rule cannot define multiple access rights for multiple users and groups; you must separate the rules.
The following table lists which access control lists you can use with each class. Classes that do not appear in the table have no access control lists and cannot be controlled by the authorize command.
Class       ACL/NACL  CALACL  PACL  INET-ACL  CACL  AZNACL
----------------------------------------------------------
ADMIN       X         X       X     -         -     -
APPL        X         X       -     -         -     X
AUTHHOST    X         X       -     -         -     X
CONNECT     X         X       X     -         -     -
CONTAINER   X         X       X     -         -     -
DOMAIN      X         X       X     -         -     -
FILE        X         X       X     -         -     -
GAPPL       X         X       -     -         -     X
GAUTHHOST   X         X       -     -         -     X
GFILE       X         X       X     -         -     -
GHOST       -         -       -     X         -     -
GSUDO       X         X       -     -         -     -
GTERMINAL   X         X       -     -         -     -
HOLIDAY     X         X       -     -         -     -
HOST        -         -       -     X         -     -
HOSTNET     -         -       -     X         -     -
HOSTNP      -         -       -     X         -     -
LOGINAPPL   X         X       -     -         -     -
MFTERMINAL  X         X       X     -         -     -
PROCESS     X         X       X     -         -     -
PROGRAM     X         X       -     -         -     -
REGKEY      X         X       X     -         -     -
REGVAL      X         X       X     -         -     -
SUDO        X         X       X     -         -     -
SURROGATE   X         X       X     -         -     -
TCP         X         X       X     -         X     -
TERMINAL    X         X       X     -         -     -
UACC        X         X       -     -         -     -
USER_DIR    X         -       -     -         -     X

(X = the class supports that access control list; - = not supported.)