The object's group is a single NIS+ group. (In this context, group refers to NIS+ groups, not UNIX or net groups.)
A principal making a request for access to an NIS+ object must be authenticated (present a valid DES credential) and belong to the group before being granted group access rights.
An NIS+ group is a collection of NIS+ principals, grouped together as a convenience for providing access to the namespace. The access rights granted to an NIS+ group apply to all the principals that are members of that group. (An object's owner, however, does not need to belong to the object's group.)
When an object is created it may be assigned a default group. A nondefault group can be specified for an object when it is created or after it is created. An object's group may be changed at any time.
Information about NIS+ groups is not stored in the NIS+ group table. The group table stores information about UNIX groups. Information about NIS+ groups is stored in the appropriate groups_dir directory object.
Instructions for administering NIS+ groups are provided in Chapter 17, Administering NIS+ Groups.