Defines the class that holds the MASV security policy.
2.16.840.1.113719.1.31.6.2.1
|
Class Flags |
Setting |
|---|---|
|
Container |
Off |
|
Effective |
On |
|
Nonremovable |
Off |
|
Ambiguous Naming |
Off |
|
Ambiguous Container |
Off |
|
Auxiliary Class |
Off |
|
Rule |
Class/Attribute |
Defined For |
|---|---|---|
|
Super Classes |
MASV:Security Policy |
|
|
Containment |
MASV:Security Policy |
|
|
Named By |
MASV:Security Policy |
|
MASV:Security Policy |
Inherited from Top |
|---|---|
|
MASV:Security Policy |
|
|---|---|
|
Inherited from Top |
|
|---|---|
|
Object Name |
Default Rights |
Affected Attributes |
Class Defined For |
|---|---|---|---|
|
[Creator] |
Supervisor |
[Entry Rights] |
For help in understanding the class definition template, see Reading Class Definitions.
Mandatory Access Control Service (MASV) uses access class labels. These labels represent the sensitivity of the information and the formal authorization of logged-in objects. Access class labels assigned to logged-in objects are called clearances or ranges. When these labels are assigned to resources (such as volumes or partitions), they are called classifications or security labels.
MASV makes use of both classifications and clearances to compute the access rights of a logged-in object to information stored in eDirectory objects and volumes. MASV works in conjunction with eDirectory ACLs and file system rights. All the security systems must allow access for an object to access the resource.
For LDAP clients to access this class, the LDAP server must map this class to a name that contains no spaces or colons.