An administration model is provided that uses access control lists to define
permissions
for users and groups of users. The model identifies a number of objects to be administered.
Associated with each of these objects is a set of administrative operations that
can be performed on the object. For each of these operations a permission in an
access control list entry is defined. The protected resources are arranged in a
hierarchical fashion and an access control list can be associated with any point
in the hierarchy. The access control list provides fine-grained control over the
protected resources. At the time an administrator requests to perform an operation,
the administrator's identification is used to look up the prevailing access control
list to determine whether the operation is permitted.
