Naming Access Policy

An AccessPolicy can be specified for the NameService to controll access to NamingContext methods from the clients. The AccessPolicy is defined by the following IDL:

enum Access { ALL,     // allow any one
              NONE,    // allow no one
              REALM,   // allow the specified realm users
};
struct AccessPolicy {
    Access read_binding;     // default = ALL
    Access write_binding;    // default = ALL
    Access delete_binding;   // default = ALL
    Access add_binding;      // default = ALL
    Access create_context;   // default = ALL
    Access delete_context;   // default = ALL
    Access add_context;      // default = ALL
};

The table below summarizes the various Policy variables that are enforced for each NamingContext method. If access is not allowed, then the NO_PERMISSION CORBA System exception is thrown by the NameService.

NamingContext Method Access Policy Variable

bind write_binding

bind_context write_binding

rebind delete_binding,
write_binding

rebind_context delete_binding,
write_binding

resolve read_binding

unbind delete_binding

list read_binding

new_context create_context

bind_new_context create_context,
write_binding

destroy delete_context

add add_binding

add_context add_context

Read Only NameSpace Example
In this example, we will create a namespace and then make it READ ONLY for every one, so no one can tamper with it.

Copyright © 1998-2003, Novell, Inc. All rights reserved.

NamingContext Method	Access Policy Variable
`bind`	`write_binding`
`bind_context`	`write_binding`
`rebind`	`delete_binding,` `write_binding`
`rebind_context`	`delete_binding,` `write_binding`
`resolve`	`read_binding`
`unbind`	`delete_binding`
`list`	`read_binding`
`new_context`	`create_context`
`bind_new_context`	`create_context,` `write_binding`
`destroy`	`delete_context`
`add`	`add_binding`
`add_context`	`add_context`