1.9 Default ACL Templates

Every object in the NDS tree has an ACL attribute. This attribute holds information about which trustees have access to the object itself (entry rights) and which trustees have access to the attributes for the object. This information is stored in sets of information containing

Default ACL templates are defined for specific classes in the base schema and provide a minimum amount of access security for newly created objects. Only base schema objects can have default ACL templates. Developers extending the schema cannot create default ACL templates for new objects.

Since the Top object class defines a default ACL template, all object classes inherit a default ACL template. The ACL defined for Top grants the object that creates another object the right to supervise the created object. This ACL ensures that every object added to an NDS tree has a supervisor.

An object inherits the default ACL templates that are defined for any of the object’s super classes. For example, the NCP Server object inherits default ACL templates from Top and Server, and then defines one for itself.

Developers extending the schema cannot create templates that overwrite or add to the templates in the base schema. However, when an object is created in an NDS tree, the creation process can set the object’s ACLs to any value, including one that changes a value that comes from a default ACL template.
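The inheritance and override rules above can be modelled in a few lines. This is an added example, not Novell code or an NDS API: the entry layout (trustee, protected item, rights), the `[Creator]` stand-in, the union merge of inherited templates, and the Server, NCP Server and Vendor Widget template values are assumptions made for illustration. Only the Top template (creator gets Supervisor on the object) comes from the text.

```python
# Model of default ACL template inheritance (illustrative, not an NDS API).
CREATOR = "[Creator]"        # stand-in resolved to the creating object's name
ENTRY = "[Entry Rights]"     # marks rights on the object itself

# class name -> (super class, [(trustee, protected item, rights)])
BASE_SCHEMA = {
    "Top": (None, [(CREATOR, ENTRY, {"Supervisor"})]),                      # from the text
    "Server": ("Top", [("<trustee-1>", "<attribute-1>", {"Read"})]),        # constructed
    "NCP Server": ("Server", [("<trustee-2>", "<attribute-2>", {"Read"})]), # constructed
    "Vendor Widget": ("Top", []),  # schema extension: no template of its own
}

def default_acl(cls, creator):
    """Collect templates from Top down to cls and resolve the creator."""
    chain = []
    while cls is not None:
        chain.append(cls)
        cls = BASE_SCHEMA[cls][0]
    acl = {}
    for name in reversed(chain):
        for trustee, protected, rights in BASE_SCHEMA[name][1]:
            who = creator if trustee == CREATOR else trustee
            acl.setdefault((who, protected), set()).update(rights)
    return acl

def create_object(cls, creator, explicit=None):
    """Apply templates, then any ACL values the creation request sets."""
    acl = default_acl(cls, creator)
    for key, rights in (explicit or {}).items():
        acl[key] = set(rights)   # a creation-time value replaces the template value
    return acl

def has_supervisor(acl):
    """Audit check: does any trustee hold Supervisor on the entry itself?"""
    return any(p == ENTRY and "Supervisor" in r for (_, p), r in acl.items())

if __name__ == "__main__":
    admin = "CN=Admin.O=Example"   # constructed name
    print(create_object("NCP Server", admin))
    weak = create_object("Vendor Widget", admin, {(admin, ENTRY): {"Browse"}})
    print("supervisor present:", has_supervisor(weak))
```

The last call shows why the Top template is a default rather than a guarantee: a creation request that replaces the creator's entry rights leaves the object without a supervisor, which is the condition `has_supervisor` is meant to flag.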
