                    Object
               -------------------------
               |  1  |  2  |  3  |  4  |
               -------------------------
        -----  -------------------------
        | 1 |  |  r  |     |  r  |     |    r = read
        -----  -------------------------    w = write
        | 2 |  |     |     |     |  p  |    x = execute
Domain  -----  -------------------------    p = print
        | 3 |  |     |  r  |  x  |     |
        -----  -------------------------
        | 4 |  | rw  |     | rw  |     |
        -----  -------------------------
Can extend this idea by adding columns for AM and for the domains D1 to D4 themselves:
                                   Object
               -------------------------------------------------------
               |  1  |  2  |  3  |  4  | AM  | D1  | D2  | D3  | D4  |
               -------------------------------------------------------
        -----  -------------------------------------------------------
        | 1 |  |  r  |     |  r  |     |     |     |  s  |     |     |
        -----  -------------------------------------------------------
        | 2 |  |     |     |     |  p  |     |     |     |  s  |  s  |
Domain  -----  -------------------------------------------------------
        | 3 |  |     |  r  |  x  |     |     |     |     |     |     |
        -----  -------------------------------------------------------
        | 4 |  | rw  |     | rw  |     |  M  |  s  |     |     |     |
        -----  -------------------------------------------------------
Either ACLs or capabilities may have defined groups: membership in a group defines some of the permissions. Database roles are one example.
There are drawbacks to each method.
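An added example (not part of the original notes) that stores the first 4x4 matrix above sparsely and reads it both ways: by column as an ACL for one object, and by row as a capability list for one domain, with a default-deny check. The group "auditors" and the function names are constructed for illustration.

```python
# Added example: the 4x4 access matrix from the notes, stored sparsely.
# Keys are (domain, object); values are sets of rights (r, w, x, p).
MATRIX = {
    (1, 1): {"r"}, (1, 3): {"r"},
    (2, 4): {"p"},
    (3, 2): {"r"}, (3, 3): {"x"},
    (4, 1): {"r", "w"}, (4, 3): {"r", "w"},
}

# Constructed group (not in the notes): members inherit the group's rights,
# the way a database role grants permissions to every user holding it.
# Each granted right is an (object, right) pair.
GROUPS = {"auditors": {"members": {1, 2}, "rights": {(2, "r")}}}


def acl(obj):
    """Column view: for one object, which domains hold which rights."""
    return {d: rights for (d, o), rights in MATRIX.items() if o == obj}


def capabilities(domain):
    """Row view: for one domain, which objects it may touch and how."""
    return {o: rights for (d, o), rights in MATRIX.items() if d == domain}


def allowed(domain, obj, right):
    """Default deny: grant only if the matrix cell or a group supplies it."""
    if right in MATRIX.get((domain, obj), set()):
        return True
    return any(domain in g["members"] and (obj, right) in g["rights"]
               for g in GROUPS.values())


if __name__ == "__main__":
    print("ACL for object 3:", acl(3))
    print("Capabilities of domain 4:", capabilities(4))
    print("Domain 1 read object 2 (via group):", allowed(1, 2, "r"))
    print("Domain 1 write object 1:", allowed(1, 1, "w"))
```

Both views are derived from the same cells, so a right granted in one is always visible in the other; the group entry is the only path that bypasses an empty cell.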
Question: does this correspond to the systems you know? How closely?
Scan for: