- Each column is stored as an access list of (domain, operation) pairs, kept with each object
- In Unix, for instance, there are only 3 user domains (owner/user (u), group (g) and others (o)), with the operations being read (r), write (w) and execute (x)
- A file can be set to switch the userid to the owner when it executes, i.e. this allows an increase of privilege when using system programs
- The Unix approach gives a very coarse ACL
- Explicitly storing domains or individual users is more flexible
- Systems with more explicit ACLs store default domains plus individual entries (VAX/VMS):
System  r w -
Owner   r w e
Group   r - e
World   - - -
joe     r - -
tom     r - e
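
The table above as a working access check, given here as an added example that is not part of the original notes. The names `Obj`, `Subject`, `allowed`, `unix_mode`, `alice` and `staff` are hypothetical, and the precedence rule (an individual entry overrides the defaults, otherwise the first matching default domain decides) is a simplifying assumption.

```python
from dataclasses import dataclass, field

# Default domains, most specific first (assumed: first matching one decides).
DEFAULT_ORDER = ("System", "Owner", "Group", "World")

@dataclass
class Obj:
    owner: str
    group: str
    defaults: dict                                # default domain -> operations
    entries: dict = field(default_factory=dict)   # individual user -> operations

@dataclass
class Subject:
    name: str
    groups: frozenset = frozenset()
    is_system: bool = False

def classes_of(subject, obj):
    """Default domains the subject falls into for this object."""
    member = {
        "System": subject.is_system,
        "Owner": subject.name == obj.owner,
        "Group": obj.group in subject.groups,
        "World": True,
    }
    return [c for c in DEFAULT_ORDER if member[c]]

def allowed(subject, obj, op):
    # Assumption: an individual entry, when present, overrides the defaults.
    if subject.name in obj.entries:
        return op in obj.entries[subject.name]
    # Otherwise the first default domain the subject belongs to decides.
    return op in obj.defaults[classes_of(subject, obj)[0]]

# The access list from the page, attached to one constructed object.
report = Obj(
    owner="alice", group="staff",
    defaults={"System": set("rw"), "Owner": set("rwe"),
              "Group": set("re"), "World": set()},
    entries={"joe": set("r"), "tom": set("re")},
)

def unix_mode(obj):
    """Collapse the list to Unix's three domains; individual entries are lost."""
    return "".join(
        "".join(x if op in obj.defaults[d] else "-" for op, x in zip("rwe", "rwx"))
        for d in ("Owner", "Group", "World"))
```

Collapsing `report` to Unix mode bits keeps only the Owner, Group and World rows, so the distinct rights of joe and tom cannot be expressed, which is the coarseness the notes describe.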
Omer F Rana
Sun Feb 16 17:49:18 GMT 1997