ACL commands
Security Verify Access access control depends on the following conditions:
- The ACL that controls the requested object must contain appropriate access permissions for the requesting user.
- The requested object must be accessible to the requesting user.
Accessibility to protected objects is controlled by the traverse (T) permission. The traverse permission is only applied to container objects in the protected object space. The traverse permission specifies that a user, group, any-other, or unauthenticated user, that is identified in the ACL entry, has permission to pass through this container object to gain access to a protected resource object that is below it in the hierarchy.
If an ACL is directly attached to the protected object, this ACL defines the ACL policy for that object. If an ACL is not directly attached to the protected object, the controlling ACL is the nearest one that is above it in the protected object hierarchy.
- List ACLs
- Lists all ACLs defined in ISAM:
padmin> acl list- Finding ACLs
- Displays where each of those ACLs is attached within the protected object space hierarchy:
pdadmin> acl find acl_name- Show ACLs
- Examines the controlling ACL to check that it is correct for the type of enforcement wanted:
pdadmin> acl show acl_name
Correct the ACL definition if needed.
Parent topic: Unexpected access to resources