[prev in list] [next in list] [prev in thread] [next in thread] 

List:       racf-l
Subject:    Re: The meaning of an ACL in a NODES profile
From:       Bob Bridges <rhbridg () ATTGLOBAL ! NET>
Date:       2011-12-23 2:31:50
Message-ID: 201112230233.pBN2XBBM018302 () listserv ! uga ! edu
[Download RAW message or body]

That section is numbered 15.15.1.1 in the version of the Admin Guide I'm
using (V2R10.0), and although I looked carefully I never saw that passage,
nor anything else that spelled it out explicitly.  But I began to suspect it
when I failed to find any information, so I'm content at your confirmation.
Thanks very much.

PS - Now that I do a text search for "access list", I see it there plain as
day.  Sigh.  "Access lists do not apply to NODES class profiles. The ADDMEM
value is used to translate to locally-defined values."

---
Bob Bridges, rhbridg@attglobal.net, cell 336 382-7313

/* Ever since Freud, we've been taught to look "deep" for the causes of
crime and misbehavior -- in early childhood, in repressed memories, in
unconscious "roots" of conduct.  Psychology now enjoys the prestige
astrology once commanded in royal courts.  -Joseph Sobran */

-----Original Message-----
From: Russell D Hardgrove
Sent: Thursday, December 22, 2011 17:46

access lists on NODES are irrelevant  (for use).  They are never the target
of an AUTH call.  A quote from SecAdminGuide section titled 14.15.1.1
Understanding NODES Profiles:  "Note: Access lists do not apply to NODES
class profiles."

Their parts are extracted and a decision is formed from their parts. UACC
is key, but NOT anyone in the access list.

Read the above section carefully.

If they are discrete (no generic parts) then I guess someone with ALTER
can change them...   Most likely those     RDEFINE'r     before
NOADDCREATOR.

But SPECIAL ids typically create them so that is sorta moot.

Anything below ALTER for discretes  buys nothing  (IF the ALTER thing
panned out anyway)

Still,   I'd clean OUT all the ACCESS LISTs of all NODES profiles.
[prev in list] [next in list] [prev in thread] [next in thread]