1 – clearinghouse_access
Adds an access control entry (ACE) to a clearinghouse's access control set (ACS). SYNOPSIS ADD CLEARINGHOUSE clearinghouse-name ACCESS principal) [AS GROUP] [FOR] access Arguments clearinghouse-name The name of the clearinghouse to which access is being added. principal The principal for whom access is being added. You can specify a principal as a group name, a collection of principals denoted with wildcards (for example, .org.name*), or an individual name in the format, nodename.username. To specify a DNS Version 1-style principal, use the format nodename::username. The phrase as group indicates the specified principal is a group. You cannot use this phrase with wildcard principal names. access The access rights for the specified principal. Rights are read, write, delete, test, control, and none, and you can specify them as r, w, d, t, c, and non. Separate multiple rights with commas. Description This command adds an access control entry (ACE) to a clearinghouse's access control set. Access rights are defined as follows: Read The principal can look up the clearinghouse by name and read any attribute of the clearinghouse. Write The principal can change the replica type of any replica stored in the clearinghouse, create or delete replicas in the clearinghouse, alter any modifiable attribute of the clearinghouse (except the ACS). Delete The principal can delete the clearinghouse. Test The principal can check the value of any attribute of the clearinghouse. Control The principal can alter the clearinghouse's ACS and move the clearinghouse to another server. None The principal has no access rights. ACCESS RIGHTS You must have control access to the clearinghouse whose access control set (ACS) is being modified.
1.1 – example
The following command grants an access control group named .testgroup read, write, test, and control access to the .paris2_ ch clearinghouse. dns> add clearinghouse .paris2_ch access .testgroup - _> as group for r, w, t, c
2 – directory_access
Adds an access control entry (ACE) to a directory's access control set (ACS). SYNOPSIS ADD DIRECTORY directory-name [access-option] ACCESS principal [AS GROUP] [FOR] access Arguments directory-name The full name of the directory. access-option The extent to which the access rights apply. Possible access options are default and nopropagate. Enter one or both of the following options. If you enter both options, separate them with a comma. If you omit this argument, the ACE applies to the directory and automatically propagates to subsequent child directories. default Indicates that the ACE applies to all new object entries created in this directory. Access to already existing entries is not affected. A default ACE applies only to the contents of the directory, not to the directory itself. If you do not use the default option, the ACE applies to the directory. nopropagate Prevents the access rights in this ACE from being inherited by subsequently created child directories of the specified directory. When used in conjunction with default, prevents the ACS from being inherited by the contents of future children of the specified directory. Nopropagate is optional; if you do not use it, access rights propagate automatically. principal The principal for whom access is being added. You can specify a principal as a group name, a collection of principals denoted with wildcards (for example, .org.name*), or an individual name in the format, nodename.username. To specify a DNS Version 1-style principal, use the format nodename::username. The phrase as group indicates the specified principal is a group. You cannot use this phrase with wildcard principal names. access The access rights for the specified principal. Rights are read, write, delete, test, control, and none, and you can specify them as r, w, d, t, c, and non. Separate multiple rights with commas. Description This command adds an access control entry (ACE) to a directory's access control set. Access rights are defined as follows: Read Enables the specified principal to look up the directory by name, list the contents of the directory, and read any directory attribute. Write Enables the specified principal to create object entries or soft links in the directory, to skulk the directory, and to create, modify, or delete child directories. Delete Enables the specified principal to delete the directory or any name in the directory. Test Enables the specified principal to check the value of any attribute of the directory. Control Enables the specified principal to perform any operation on any object entry, soft link, or child in the directory, to read or modify any attribute of the directory (including its ACS), and to modify the replica type of a replica or the epoch value of the directory. None Does not grant the specified principal any access rights. ACCESS RIGHTS You must have control access to the directory whose ACS is being modified. You also need write access to the clearinghouse.
2.1 – example
The following command grants read and write access for the .DNS_ Admin administration group to the .sales directory. dns> add directory .sales access .DNS_Admin as group for r,w
3 – group
3.1 – access
Adds an access control entry (ACE) to a group's access control set (ACS). SYNOPSIS ADD GROUP group-name ACCESS principal [AS GROUP] [FOR] access Arguments group-name The full name of the group. principal The principal for whom access is being added as a member of the group. You can specify a principal as a group name, a collection of principals denoted with wildcards (for example, .org.name*), or an individual name in the format, nodename.username. To specify a DNS Version 1-style principal, use the format nodename::username. The phrase as group indicates the specified principal is a group. You cannot use this phrase with wildcard principal names. access The access rights for the specified principal. Rights are read, write, delete, test, control, and none, and you can specify them as r, w, d, t, c, and non. Separate multiple rights with commas. Description This command adds an access control entry (ACE) to a group's access control set. Access rights are defined as follows: Read The principal can look up the group by name and read any attribute of the group. Write The principal can change any modifiable group attribute except the ACS. Delete The principal can remove the member from the set of group members Test The principal can check the value of any attribute of the group. Control The principal can alter the group's ACS. None The principal does not have access rights. ACCESS RIGHTS You must have control access to the group whose ACS is being modified.
3.1.1 – example
The following command grants user .sales.deneb.smith read access to the .DNS_admin group. dns> add group .DNS_admin access .sales.deneb.smith for r
3.2 – member
Adds a member to an existing group. The member can be an individual principal, a collection of principals denoted with wildcards, or another group. Use the optional keywords as group to specify that the member you are adding is itself a group. If you omit this argument, the principal is not a group. SYNOPSIS ADD GROUP group-name MEMBER [=] principal [AS GROUP] Arguments group-name The full name of the group. principal The principal that is being added as a member of the group. You can specify a principal as a group name, a collection of principals denoted with wildcards (for example, .org.name*), or an individual name in the format, nodename.username. To specify a DNS Version 1-style principal, use the format nodename::username. The phrase as group indicates the specified principal is itself a group. You cannot use this phrase with wildcard principal names. ACCESS RIGHTS You must have write access to the group to which you are adding a member.
3.2.1 – example
The following command adds the member smith on node .sales.orion to the admin group. dns>add group .admin member .sales.orion.smith
4 – link_access
Adds an access control entry (ACE) to a soft link's access control set (ACS). SYNOPSIS ADD LINK link-name ACCESS principal [AS GROUP] [FOR] access Arguments link-name The full name of the soft link. principal The principal for whom access is being added. You can specify a principal as a group name, a collection of principals denoted with wildcards (for example, .org.name*), or an individual name in the format, nodename.username. To specify a DNS Version 1-style principal, use the format nodename::username. The phrase as group indicates the specified principal is a group. You cannot use this phrase with wildcard principal names. access rights The access rights for the specified principal. Rights are read, write, delete, test, control, and none, and you can specify them as r, w, d, t, c, and non. Separate multiple rights with commas. Description This command adds an access control entry (ACE) to a soft link's access control set. Access rights are defined as follows: Read The principal can look up the soft link by name, read any soft link attribute, and perform wildcard lookups. Write The principal can change any modifiable attribute except the ACS. Delete The principal can delete the soft link. Test The principal can check the value of any attribute of the soft link. Control The principal can alter the soft link's ACS. None The principal does not have access rights. ACCESS RIGHTS You must have control access to the soft link whose ACS is being modified.
4.1 – example
The following command grants an access control group named .testgroup read, write, and test access to the soft link .sales.asia. dns> add link .sales.asia access .testgroup as group - _> for r, w, t
5 – object
Adds a value to a modifiable, set-valued attribute (including application-defined attributes) of an object entry. If the value is already defined for the attribute, no error message is generated. Usually this task is performed through the client application, since the client application defines the name of the attribute and the syntax of its value. SYNOPSIS ADD OBJECT object-name attribute-name [=] attribute-value Arguments object-name The full name of an object entry. attribute-name The name of a particular attribute. Specify your own attribute name or one of the DECdns-defined attributes. Separate multiple attributes with commas. attribute-value The value of a particular attribute. You can express the values of application-defined attributes as quoted strings, "ps"; hex strings, %x FF00EE; or concatenations of them in parentheses, (%x0103 "ps"). ACCESS RIGHTS You must have write access to the object entry or control access to the parent directory in which you intend to store the attribute.
5.1 – example
The following command adds the value "ps" to the user- defined set-valued attribute printcap of an object entry named .sales.east.deskprinter. dns>add object .sales.east.deskprinter printcap "ps"
5.2 – access
Adds an access control entry (ACE) to an object entry's access control set (ACS). SYNOPSIS ADD OBJECT object-name ACCESS principal [AS GROUP] [FOR] access Arguments object-name The full name of the object entry. principal The principal for whom access is being added. You can specify a principal as a group name, a collection of principals denoted with wildcards (for example, .org.name*), or an individual name in the format, nodename.username. To specify a DNS Version 1-style principal, use the format nodename::username. The phrase as group indicates the specified principal is a group. You cannot use this phrase with wildcard principal names. access The access rights for the specified principal. Rights are read, write, delete, test, control, and none, and you can specify them as r, w, d, t, c, and non. Separate multiple rights with commas. Description This command adds an access control entry (ACE) to an object entry's access control set. Access rights are defined as follows: Read The principal can look up the object entry by name, read any object attribute, and perform wildcard lookups. Write The principal can change any modifiable attribute except the ACS. Delete The principal can delete the object entry. Test The principal can check the value of the object entry. Control The principal can alter the object entry's ACS. None The principal does not have access rights. You must have control access to the object entry whose ACS is being modified.
5.2.1 – example
The following command grants read, write, and test access to user smith on node .sales.orion for an object entry named .admin.work_ disk3. dns> add object .admin.work_disk3 access .sales.orion.smith - _> for r, w, t