Rather than attempting to restructure UIC groups to solve
data and resource protection problems, you may be able to achieve
your goals by using access control lists (ACLs). (“Controlling Access with ACLs”“Controlling Access
with ACLs” on page 75 provides a detailed description
of ACLs.) The UIC can serve as an identifier in an ACE, so you can
easily construct ACLs that allow specific users across various UIC
groups access to an object.
For example, consider the ACL that you might construct to
allow specific users from the Rainbow Paint Company to access the
file PAYROLL.DAT:
(IDENTIFIER=OWESTWOOD,ACCESS=READ+WRITE+EXECUTE+DELETE)
(IDENTIFIER=CRUIZ,ACCESS=READ+WRITE+EXECUTE+DELETE)
(IDENTIFIER=RSMITH,ACCESS=READ+WRITE+EXECUTE+DELETE)
(IDENTIFIER=JSIMON,ACCESS=READ)
(IDENTIFIER=SGIBSON,ACCESS=READ) |
