Many users often share the same access needs, and an ACL consisting
strictly of UIC identifiers can become too lengthy. To shorten the
ACL, you can include environmental identifiers, which are system-defined,
or create general identifiers (see Table 4-1 “Major Types of Rights Identifiers”Table 4-1).
When creating general identifiers, you design the names of
the identifiers you want on your system and compose the set of holders
for the identifiers. Then you add the identifiers to the rights
database and assign the identifiers to the intended users.
For example, the Rainbow Paint Company decided to add the
identifier PAYROLL to the rights database. The holders of that identifier
were all users who needed read, write, execute, and delete access
to PAYROLL.DAT: OWESTWOOD, CRUIZ, and RSMITH.
Once the identifier and its holders were defined, the security
administrator used the following ACL to specify the same type of
access to PAYROLL.DAT:
(IDENTIFIER=PAYROLL,ACCESS=READ+WRITE+EXECUTE+DELETE)
(IDENTIFIER=JSIMON,ACCESS=READ)
(IDENTIFIER=SGIBSON,ACCESS=READ) |
