Data Federation Permissions and Access Control Lists

Every Data Federation object has an access control list that defines the specific privileges of each user or group to perform actions on the object.

Access control lists (ACLs) determine which grid users are allowed to access files, directories, categories, Data Federation shares, data services, and other objects in the data catalog.

Users can perform these actions on the objects in the data catalog: read, write, execute, and delete. You can allow or deny permission for each action on each object by each user or group.

Here’s a sample ACL for a file called secrethandshake.txt.


Sample access control list for a file called secrethandshake.txt.

The ACL includes three users—fred, Administrator, and barney—and one group, WaterBuffaloes. The users fred and barney are both members of the WaterBuffaloes group; they are listed separately because their permissions are different from those of the group.

The user fred, listed first in the sample ACL, owns the file. Only the owner of an object or a member of the Administrators group can change the object’s ACL.

Note: Deny permissions set for the owner of an object or for members of the Administrators group are ignored—that is, you can set an ACL to deny read, write, execute, or delete permission, but the owner or administrator can still perform those actions. The UI lets an owner set deny permissions for herself in case she wants to have them in effect after she sets a new owner for the object.
Parent topic: Modifying an Access Control List
Related concepts
Interpretation of Permissions in ACLs
Permissions in Directories and Categories
Related reference
Permission Settings

For product-related issues, contact Sybase Technical Support at 1-800-8SYBASE. Send your feedback on this help topic directly to Sybase Technical Publications: pubs@sybase.com