Column- or entry-level access rights can provide additional access in two ways: by extending the rights to additional principals or by providing additional rights to the same principals. Of course, both ways can be combined. Following are some examples.
Assume a table object granted read rights to the table's owner.
Table 15–1 NIS+ Table, Column, Entry Example 1
| | Nobody | Owner | Group | World |
|---|---|---|---|---|
| Table Access Rights: | ---- | r--- | ---- | ---- |
This means that the table's owner could read the contents of the entire table but no one else could read anything. You could then specify that Entry-2 of the table grant read rights to the group class.
Table 15–2 NIS+ Table, Column, Entry Example 2
| | Nobody | Owner | Group | World |
|---|---|---|---|---|
| Table Access Rights: | ---- | r--- | ---- | ---- |
| Entry-2 Access Rights: | ---- | ---- | r--- | ---- |
Although only the owner could read all the contents of the table, any member of the table's group could read the contents of that particular entry. Now, assume that a particular column granted read rights to the world class.
Table 15–3 NIS+ Table, Column, Entry Example 3
| | Nobody | Owner | Group | World |
|---|---|---|---|---|
| Table Access Rights: | ---- | r--- | ---- | ---- |
| Entry-2 Access Rights: | ---- | ---- | r--- | ---- |
| Column-1 Access Rights: | ---- | ---- | ---- | r--- |
Members of the world class could now read that column for all entries in the table. Members of the group class could read everything in Column-1 (because members of the group class are also members of the world class) and also all columns of Entry-2. Neither the world nor the group classes could read any cells marked *NP* (for Not Permitted).
Table 15–4 NIS+ Table, Column, Entry Example 4
| | Col 1 | Col 2 | Col 3 |
|---|---|---|---|
| Entry-1 | contents | *NP* | *NP* |
| Entry-2 | contents | contents | contents |
| Entry-3 | contents | *NP* | *NP* |
| Entry-4 | contents | *NP* | *NP* |
| Entry-5 | contents | *NP* | *NP* |
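
The additive check behind Examples 1 through 4 can be modeled in a few lines. The following Python sketch is an added example, not NIS+ code: every function and variable name is hypothetical, and the class sets assigned to the owner and to nobody are assumptions of the model. It evaluates the table, entry, and column rights from Example 3 for each cell and reproduces the Example 4 view for a group member.

```python
# Added illustration, not NIS+ code: all names below are hypothetical.
CLASSES = ("nobody", "owner", "group", "world")
ENTRIES = [f"Entry-{n}" for n in range(1, 6)]
COLUMNS = [f"Column-{n}" for n in range(1, 4)]

def rights(nobody="----", owner="----", group="----", world="----"):
    """Build one access-rights row in the Nobody/Owner/Group/World layout."""
    return dict(zip(CLASSES, (nobody, owner, group, world)))

# Rights from Example 3: the table, one entry, one column.
TABLE_RIGHTS = rights(owner="r---")
ENTRY_RIGHTS = {"Entry-2": rights(group="r---")}
COLUMN_RIGHTS = {"Column-1": rights(world="r---")}

# Classes each kind of principal belongs to. Group members are also in world,
# as the text states; the owner and nobody sets are assumptions of this model.
OWNER, GROUP, WORLD, NOBODY = {"owner"}, {"group", "world"}, {"world"}, {"nobody"}

def grants(row, classes, right="r"):
    """True if any class the principal belongs to holds the right in this row."""
    return any(right in row[c] for c in classes)

def can_read(classes, entry, column):
    """Entry and column rights only add to the table rights, never subtract."""
    none = rights()
    layers = (TABLE_RIGHTS,
              ENTRY_RIGHTS.get(entry, none),
              COLUMN_RIGHTS.get(column, none))
    return any(grants(row, classes) for row in layers)

def visible_matrix(classes):
    """Render each cell the way Example 4 does: contents or *NP*."""
    return {e: ["contents" if can_read(classes, e, c) else "*NP*"
                for c in COLUMNS] for e in ENTRIES}

if __name__ == "__main__":
    for name, classes in (("group", GROUP), ("world", WORLD)):
        print(name)
        for entry, cells in visible_matrix(classes).items():
            print(f"  {entry}: {' | '.join(cells)}")
```

In this model, a principal who is in the world class but not the group sees only Column-1 of Entry-2, which is how an over-broad column grant shows up when auditing a table.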