next up previous contents
Next: AACLS Syntax Up: AACLS schema and syntax Previous: AACLS schema and syntax   Contents

AACLS Concept

The main idea of AACLS is relationship between entries. An AACL works with :

The AACL checks if the author and the target are linked through the relation. Of course the operation needs to be allowed on the specified attribute(s). The operation is allowed through the "rights" attribute.

By default, nothing is possible. Each AACL is tried successively. If one of them authorized the operation, the result is immediately sent back. When the AACLS server has tried each AACL with no authorization, it fails.

Both of the author and the target are described with a base and a filter. Only the base of the target is mandatory.

root 2004-01-21