This subsection describes the access rights syntax used with the various NIS+ commands that deal with authorization and access rights.
Access rights, whether specified in an environment variable or a command, are identified with three types of arguments: class, operator, and right.
Class. Class refers to the type of NIS+ principal (authorization class) to which the rights will apply.
| Class | Description | 
|---|---|
| n | Nobody: all unauthenticated requests | 
| o | The owner of the object or table entry | 
| g | The group owner of the object or table entry | 
| w | World: all authenticated principals | 
| a | All: shorthand for owner, group, and world (this is the default) | 
Operator. The operator indicates the kind of operation that will be performed with the rights.
| Operator | Description | 
|---|---|
| + | Adds the access rights specified by right | 
| - | Revokes the access rights specified by right | 
| = | Explicitly changes the access rights specified by right; in other words, revokes all existing rights and replaces them with the new access rights. | 
Rights. The rights are the access rights themselves. The accepted values for each are listed below.
| Right | Description | 
|---|---|
| r | Reads the object definition or table entry | 
| m | Modifies the object definition or table entry | 
| c | Creates a table entry or column | 
| d | Destroys a table entry or column | 
You can combine operations on a single command line by separating each operation from the next with a comma (,).
Table 15–10 Class, Operator, and Rights Syntax—Examples

| Operations | Syntax | 
|---|---|
| Add read access rights to the owner class | o+r | 
| Change owner, group, and world classes' access rights to modify only from whatever they were before | a=m | 
| Add read and modify rights to the world and nobody classes | wn+rm | 
| Remove all four rights from the group, world, and nobody classes | gwn-rmcd | 
| Add create and destroy rights to the owner class and add read and modify rights to the world and nobody classes | o+cd,wn+rm | 
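
The class, operator, and right rules above can be evaluated mechanically, which is useful when reviewing what a proposed rights string leaves open to unauthenticated (nobody) or world principals. The following Python sketch is an added example, not part of the NIS+ tools or the original documentation; the function names `apply_rights` and `risky_grants` are hypothetical, and it assumes every operation names at least one right.

```python
import re

CLASSES = "nogw"   # nobody, owner, group, world
RIGHTS = "rmcd"    # read, modify, create, destroy
# One operation: optional class letters, one operator, one or more right letters.
_OP = re.compile(r"^([nogwa]*)([+\-=])([rmcd]+)$")

def apply_rights(spec, current=None):
    """Apply a comma-separated rights spec to `current` ({class: "rights"})."""
    state = {c: set(current.get(c, "")) if current else set() for c in CLASSES}
    for op_text in spec.split(","):
        m = _OP.match(op_text.strip())
        if not m:
            raise ValueError(f"invalid operation: {op_text!r}")
        classes, operator, rights = m.groups()
        # 'a' means owner, group, and world; it is also the default class.
        targets = set()
        for c in classes or "a":
            targets.update("ogw" if c == "a" else c)
        for c in targets:
            if operator == "+":
                state[c] |= set(rights)      # add the named rights
            elif operator == "-":
                state[c] -= set(rights)      # revoke the named rights
            else:
                state[c] = set(rights)       # '=' replaces all existing rights
    return {c: "".join(r for r in RIGHTS if r in state[c]) for c in CLASSES}

def risky_grants(state):
    """Return modify/create/destroy rights held by the nobody or world class."""
    found = {}
    for c in "nw":
        writable = "".join(r for r in state[c] if r in "mcd")
        if writable:
            found[c] = writable
    return found

if __name__ == "__main__":
    # Constructed starting state, then the last example from the table above.
    after = apply_rights("o+cd,wn+rm", {"o": "r", "g": "r"})
    print(after, risky_grants(after))
```
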
Owner. To specify an owner, use an NIS+ principal name.
Group. To specify an NIS+ group, use an NIS+ group name with the domain name appended.
Remember that principal names are fully qualified (principalname.domainname).
For owner
| principalname | 
For group
| groupname.domainname | 
Objects and table entries use different syntaxes.
Objects use simple object names.
Table entries use indexed names.
For objects
| objectname | 
For table entries
| [columnname=value],tablename | 
In this case, the brackets are part of the syntax.
Indexed names can specify more than one column-value pair. If so, the operation applies only to the entries that match all the column-value pairs. The more column-value pairs you provide, the more stringent the search.
For example:
Table 15–11 Object and Table Entry—Examples

| Type | Example | 
|---|---|
| Object | hosts.org_dir.sales.doc.com. | 
| Table entry | '[uid=33555],passwd.org_dir.Eng.doc.com.' | 
| Two-value table entry | '[name=sales,gid=2],group.org_dir.doc.com.' | 
Columns use a special version of indexed names. Because you can only work on columns with the nistbladm command, see The nistbladm Command for more information.