Hello,
I'm working with ACE and found two different ways to define access for all
others user/all other idents
IDENT=*, ACCESS=...
IDENT=[*,*], ACCESS=...
What is different between these two definition ?
greetings from Hannover, Germany
Dirk
(9795) Wildcards in Security ACE Format?
Re: (9795) Wildcards in Security ACE Format?
For details of Access Control Lists (ACLs) and Access Control
List Entries (ACEs), as well as resource, subsystem and other
forms of identifiers, please see the information available
within the OpenVMS System Security Manual.
In this particular case, one is the wildcard identifer, and
the other is the wildcard UIC. (Determining which one is the
identifier and which is the UIC is left as an exercise for
the reader.)
There is no generally need for such an identifier wildcard,
as this wildcard result can more directly be achieved using
the standard UIC protection mask and mechanisms. In most
instances, there is no specific need for an ACL nor a
wildcarded ACE for general access to an object; a standard
OpenVMS UIC rotection mask setting can provide wildcard
access or wildcard denial.
Do note that the order of ACEs within an ACL and teh UIC
progtection mask are of some importance. The security
manual will have details here, of course.
List Entries (ACEs), as well as resource, subsystem and other
forms of identifiers, please see the information available
within the OpenVMS System Security Manual.
In this particular case, one is the wildcard identifer, and
the other is the wildcard UIC. (Determining which one is the
identifier and which is the UIC is left as an exercise for
the reader.)
There is no generally need for such an identifier wildcard,
as this wildcard result can more directly be achieved using
the standard UIC protection mask and mechanisms. In most
instances, there is no specific need for an ACL nor a
wildcarded ACE for general access to an object; a standard
OpenVMS UIC rotection mask setting can provide wildcard
access or wildcard denial.
Do note that the order of ACEs within an ACL and teh UIC
progtection mask are of some importance. The security
manual will have details here, of course.