IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation Remarks
____________________________________________________________________ .........................................
Access Control List (ACL)
The information regarding which users can access an object and its properties
and what rights they have is stored in the object itself. For this purpose, every
object has a special property: Access Control List (ACL).
The ACL property contains the Trustee Assignments and the Inherited Rights
Filter. Every object entered in the ACL can have other Trustee Assignments. In
the file system, the ACL and the IRF are stored in the Directory Entry Table
(DET).
Allocation of access rights to directories and files
Besides granting access rights to users and groups for files and directories, the
allocation of Netware-Attributes to files and directories can increase data
security. Attributes are always bound to a file or directory and never to NDS-
Objects. These objects are independent of the assigned access rights and are
valid for all users including administrators.
Users, who have been granted the "Modify" (M) privilege for the files and
directories concerned, can change the Netware-Attributes and thereby carry
out every action permitted by their effective privileges.
By installing Netware-Attributes, security takes the form of a subsystem in file
and directory security. This means that, although users have the ER to delete a
file, they may not be able to do this because the attribute "Delete inhibit" (Di)
has been set.
When allocating Netware-Attributes to files and directories, the following
properties of Netware-Attributes should be taken into account.
- Directory Attributes:
Delete Inhibit (Di): The directory cannot be deleted.
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000