Naming Access Policy

An AccessPolicy can be specified for the NameService to controll access to NamingContext methods from the clients. The AccessPolicy is defined by the following IDL:

enum Access { ALL,     // allow any one
              NONE,    // allow no one
              REALM,   // allow the specified realm  users
};

struct AccessPolicy {
    Access read_binding;     // default = ALL
    Access write_binding;    // default = ALL
    Access delete_binding;   // default = ALL
    Access add_binding;      // default = ALL
    Access create_context;   // default = ALL
    Access delete_context;   // default = ALL
    Access add_context;      // default = ALL
};

The table below summarizes the various Policy variables that are enforced for each NamingContext method. If access is not allowed, then the NO_PERMISSION CORBA system exception is thrown by the NameService.

NamingContext Method
Access Policy Variable
bind
write_binding
bind_context
write_binding
rebind
delete_binding
write_binding
rebind_context
delete_binding, write_binding
resolve
read_binding
unbind
delete_binding
list
read_binding
new_context
create_context
bind_new_context
create_context, write_binding
destroy
delete_context
add
add_binding
add_context
add_context

Read Only NameSpace Example

In this example, we will create a namespace and then make it READ ONLY for every one, so no one can tamper with it.


Copyright © 2003, 2004 Novell, Inc. All rights reserved. Copyright © 2001, 2002, 2003 SilverStream Software, LLC. All rights reserved.