DNS$CPHELP.HLB  —  add  directory_access
 Adds an access control entry (ACE) to a directory's access control
 set (ACS).

 SYNOPSIS

      ADD DIRECTORY directory-name [access-option] ACCESS principal

      [AS GROUP] [FOR] access

 Arguments

 directory-name

 The full name of the directory.

 access-option

 The extent to which the access rights apply. Possible access options
 are default and nopropagate. Enter one or both of the following
 options. If you enter both options, separate them with a comma.
 If you omit this argument, the ACE applies to the directory and
 automatically propagates to subsequent child directories.

 default        Indicates that the ACE applies to all new object
                entries created in this directory. Access to already
                existing entries is not affected. A default ACE
                applies only to the contents of the directory, not to
                the directory itself. If you do not use the default
                option, the ACE applies to the directory.
 nopropagate    Prevents the access rights in this ACE from being
                inherited by subsequently created child directories
                of the specified directory. When used in conjunction
                with default, prevents the ACS from being inherited
                by the contents of future children of the specified
                directory. Nopropagate is optional; if you do not use
                it, access rights propagate automatically.

 principal

 The principal for whom access is being added. You can specify a
 principal as a group name, a collection of principals denoted
 with wildcards (for example, .org.name*), or an individual name
 in the format, nodename.username. To specify a DNS Version 1-style
 principal, use the format nodename::username. The phrase as group
 indicates the specified principal is a group. You cannot use this
 phrase with wildcard principal names.

 access

 The access rights for the specified principal. Rights are read,
 write, delete, test, control, and none, and you can specify them as
 r, w, d, t, c, and non. Separate multiple rights with commas.

 Description

 This command adds an access control entry (ACE) to a directory's
 access control set. Access rights are defined as follows:

 Read       Enables the specified principal to look up the directory
            by name, list the contents of the directory, and read any
            directory attribute.
 Write      Enables the specified principal to create object entries
            or soft links in the directory, to skulk the directory,
            and to create, modify, or delete child directories.
 Delete     Enables the specified principal to delete the directory or
            any name in the directory.
 Test       Enables the specified principal to check the value of any
            attribute of the directory.
 Control    Enables the specified principal to perform any operation
            on any object entry, soft link, or child in the directory,
            to read or modify any attribute of the directory
            (including its ACS), and to modify the replica type of
            a replica or the epoch value of the directory.
 None       Does not grant the specified principal any access rights.

 ACCESS RIGHTS
 You must have control access to the directory whose ACS is being
 modified. You also need write access to the clearinghouse.

1  –  example 

 The following command grants read and write access for the .DNS_
 Admin administration group to the .sales directory.

 dns> add directory .sales access .DNS_Admin as group for r,w
Close Help