Administration
|
|
| admin_acl_file |
Table |
| Administrative Permission Settings (Continued) |
|
|
|
|
|
|
| Administrator Field Name | ACL file |
|
| Character | |
|
|
| |
|
|
|
|
|
| List prinicpal. This is redundant with i or I | l or L |
|
| Note: This permission is not displayed in |
|
|
| Administrator |
|
|
|
|
|
|
| Modify Principals | m or M |
|
|
|
|
|
| Extract Keys | x or X |
|
|
|
|
|
| Restricted Administrator. Use the r, R and Rr | r or R |
|
| modifiers in combination with the a, A, c, C, d, D, |
|
|
| i, I, m, M, or x. X permissions to permit |
|
|
| administrative principals to use those options only |
|
|
| against certain principals. |
|
|
|
|
|
|
| The order of the permission letters is irrelevant. |
|
NOTE |
|
| |
|
|
|
|
The principal can also include the “*” wildcard as the admin_acl_file supports the following identifier/instance wildcards:
•*/instance
•identifier/*
This makes it easier to add groups of principal names to the file. So if you want any principal with the instance “admin” to have permissions to administer the database, you could use the principal “*/admin@REALM”. where ‘REALM’ is your primary security server’s realm.
For example, to grant all principals with the admin instance, who need to have all the permissions assigned to them, add the following line in the acl file:
*/admin@FINANCE.BAMBI.COM *
where,
* | all prinicpals |
admin instance
Chapter 6 | 97 |