1 – clearinghouse_access
Adds an access control entry (ACE) to a clearinghouse's access
control set (ACS).
SYNOPSIS
ADD CLEARINGHOUSE clearinghouse-name ACCESS principal)
[AS GROUP] [FOR] access
Arguments
clearinghouse-name
The name of the clearinghouse to which access is being added.
principal
The principal for whom access is being added. You can specify a
principal as a group name, a collection of principals denoted
with wildcards (for example, .org.name*), or an individual name
in the format, nodename.username. To specify a DNS Version 1-style
principal, use the format nodename::username. The phrase as group
indicates the specified principal is a group. You cannot use this
phrase with wildcard principal names.
access
The access rights for the specified principal. Rights are read,
write, delete, test, control, and none, and you can specify them as
r, w, d, t, c, and non. Separate multiple rights with commas.
Description
This command adds an access control entry (ACE) to a clearinghouse's
access control set. Access rights are defined as follows:
Read The principal can look up the clearinghouse by name and
read any attribute of the clearinghouse.
Write The principal can change the replica type of any replica
stored in the clearinghouse, create or delete replicas in
the clearinghouse, alter any modifiable attribute of the
clearinghouse (except the ACS).
Delete The principal can delete the clearinghouse.
Test The principal can check the value of any attribute of the
clearinghouse.
Control The principal can alter the clearinghouse's ACS and move
the clearinghouse to another server.
None The principal has no access rights.
ACCESS RIGHTS
You must have control access to the clearinghouse whose access
control set (ACS) is being modified.
1.1 – example
The following command grants an access control group named .testgroup read, write, test, and control access to the .paris2_ ch clearinghouse. dns> add clearinghouse .paris2_ch access .testgroup - _> as group for r, w, t, c
2 – directory_access
Adds an access control entry (ACE) to a directory's access control
set (ACS).
SYNOPSIS
ADD DIRECTORY directory-name [access-option] ACCESS principal
[AS GROUP] [FOR] access
Arguments
directory-name
The full name of the directory.
access-option
The extent to which the access rights apply. Possible access options
are default and nopropagate. Enter one or both of the following
options. If you enter both options, separate them with a comma.
If you omit this argument, the ACE applies to the directory and
automatically propagates to subsequent child directories.
default Indicates that the ACE applies to all new object
entries created in this directory. Access to already
existing entries is not affected. A default ACE
applies only to the contents of the directory, not to
the directory itself. If you do not use the default
option, the ACE applies to the directory.
nopropagate Prevents the access rights in this ACE from being
inherited by subsequently created child directories
of the specified directory. When used in conjunction
with default, prevents the ACS from being inherited
by the contents of future children of the specified
directory. Nopropagate is optional; if you do not use
it, access rights propagate automatically.
principal
The principal for whom access is being added. You can specify a
principal as a group name, a collection of principals denoted
with wildcards (for example, .org.name*), or an individual name
in the format, nodename.username. To specify a DNS Version 1-style
principal, use the format nodename::username. The phrase as group
indicates the specified principal is a group. You cannot use this
phrase with wildcard principal names.
access
The access rights for the specified principal. Rights are read,
write, delete, test, control, and none, and you can specify them as
r, w, d, t, c, and non. Separate multiple rights with commas.
Description
This command adds an access control entry (ACE) to a directory's
access control set. Access rights are defined as follows:
Read Enables the specified principal to look up the directory
by name, list the contents of the directory, and read any
directory attribute.
Write Enables the specified principal to create object entries
or soft links in the directory, to skulk the directory,
and to create, modify, or delete child directories.
Delete Enables the specified principal to delete the directory or
any name in the directory.
Test Enables the specified principal to check the value of any
attribute of the directory.
Control Enables the specified principal to perform any operation
on any object entry, soft link, or child in the directory,
to read or modify any attribute of the directory
(including its ACS), and to modify the replica type of
a replica or the epoch value of the directory.
None Does not grant the specified principal any access rights.
ACCESS RIGHTS
You must have control access to the directory whose ACS is being
modified. You also need write access to the clearinghouse.
2.1 – example
The following command grants read and write access for the .DNS_ Admin administration group to the .sales directory. dns> add directory .sales access .DNS_Admin as group for r,w
3 – group
3.1 – access
Adds an access control entry (ACE) to a group's access control set
(ACS).
SYNOPSIS
ADD GROUP group-name ACCESS principal [AS GROUP]
[FOR] access
Arguments
group-name
The full name of the group.
principal
The principal for whom access is being added as a member of the
group. You can specify a principal as a group name, a collection of
principals denoted with wildcards (for example, .org.name*), or an
individual name in the format, nodename.username. To specify a DNS
Version 1-style principal, use the format nodename::username. The
phrase as group indicates the specified principal is a group. You
cannot use this phrase with wildcard principal names.
access
The access rights for the specified principal. Rights are read,
write, delete, test, control, and none, and you can specify them as
r, w, d, t, c, and non. Separate multiple rights with commas.
Description
This command adds an access control entry (ACE) to a group's access
control set. Access rights are defined as follows:
Read The principal can look up the group by name and read any
attribute of the group.
Write The principal can change any modifiable group attribute
except the ACS.
Delete The principal can remove the member from the set of group
members
Test The principal can check the value of any attribute of the
group.
Control The principal can alter the group's ACS.
None The principal does not have access rights.
ACCESS RIGHTS
You must have control access to the group whose ACS is being
modified.
3.1.1 – example
The following command grants user .sales.deneb.smith read access to the .DNS_admin group. dns> add group .DNS_admin access .sales.deneb.smith for r
3.2 – member
Adds a member to an existing group. The member can be an individual
principal, a collection of principals denoted with wildcards, or
another group. Use the optional keywords as group to specify that
the member you are adding is itself a group. If you omit this
argument, the principal is not a group.
SYNOPSIS
ADD GROUP group-name MEMBER [=] principal [AS GROUP]
Arguments
group-name
The full name of the group.
principal
The principal that is being added as a member of the group. You
can specify a principal as a group name, a collection of principals
denoted with wildcards (for example, .org.name*), or an individual
name in the format, nodename.username. To specify a DNS Version 1-style
principal, use the format nodename::username. The phrase as group
indicates the specified principal is itself a group. You cannot use
this phrase with wildcard principal names.
ACCESS RIGHTS
You must have write access to the group to which you are adding a
member.
3.2.1 – example
The following command adds the member smith on node .sales.orion to the admin group. dns>add group .admin member .sales.orion.smith
4 – link_access
Adds an access control entry (ACE) to a soft link's access control
set (ACS).
SYNOPSIS
ADD LINK link-name ACCESS principal [AS GROUP] [FOR] access
Arguments
link-name
The full name of the soft link.
principal
The principal for whom access is being added. You can specify a
principal as a group name, a collection of principals denoted
with wildcards (for example, .org.name*), or an individual name
in the format, nodename.username. To specify a DNS Version 1-style
principal, use the format nodename::username. The phrase as group
indicates the specified principal is a group. You cannot use this
phrase with wildcard principal names.
access rights
The access rights for the specified principal. Rights are read,
write, delete, test, control, and none, and you can specify them as
r, w, d, t, c, and non. Separate multiple rights with commas.
Description
This command adds an access control entry (ACE) to a soft link's
access control set. Access rights are defined as follows:
Read The principal can look up the soft link by name, read any
soft link attribute, and perform wildcard lookups.
Write The principal can change any modifiable attribute except
the ACS.
Delete The principal can delete the soft link.
Test The principal can check the value of any attribute of the
soft link.
Control The principal can alter the soft link's ACS.
None The principal does not have access rights.
ACCESS RIGHTS
You must have control access to the soft link whose ACS is being
modified.
4.1 – example
The following command grants an access control group named .testgroup read, write, and test access to the soft link .sales.asia. dns> add link .sales.asia access .testgroup as group - _> for r, w, t
5 – object
Adds a value to a modifiable, set-valued attribute (including
application-defined attributes) of an object entry. If the value
is already defined for the attribute, no error message is generated.
Usually this task is performed through the client application, since
the client application defines the name of the attribute and the
syntax of its value.
SYNOPSIS
ADD OBJECT object-name attribute-name [=] attribute-value
Arguments
object-name
The full name of an object entry.
attribute-name
The name of a particular attribute. Specify your own attribute
name or one of the DECdns-defined attributes. Separate multiple
attributes with commas.
attribute-value
The value of a particular attribute. You can express the values of
application-defined attributes as quoted strings, "ps"; hex strings,
%x FF00EE; or concatenations of them in parentheses, (%x0103 "ps").
ACCESS RIGHTS
You must have write access to the object entry or control access to
the parent directory in which you intend to store the attribute.
5.1 – example
The following command adds the value "ps" to the user- defined set-valued attribute printcap of an object entry named .sales.east.deskprinter. dns>add object .sales.east.deskprinter printcap "ps"
5.2 – access
Adds an access control entry (ACE) to an object entry's access
control set (ACS).
SYNOPSIS
ADD OBJECT object-name ACCESS principal [AS GROUP]
[FOR] access
Arguments
object-name
The full name of the object entry.
principal
The principal for whom access is being added. You can specify a
principal as a group name, a collection of principals denoted
with wildcards (for example, .org.name*), or an individual name
in the format, nodename.username. To specify a DNS Version 1-style
principal, use the format nodename::username. The phrase as group
indicates the specified principal is a group. You cannot use this
phrase with wildcard principal names.
access
The access rights for the specified principal. Rights are read,
write, delete, test, control, and none, and you can specify them as
r, w, d, t, c, and non. Separate multiple rights with commas.
Description
This command adds an access control entry (ACE) to an object entry's
access control set. Access rights are defined as follows:
Read The principal can look up the object entry by name, read
any object attribute, and perform wildcard lookups.
Write The principal can change any modifiable attribute except
the ACS.
Delete The principal can delete the object entry.
Test The principal can check the value of the object entry.
Control The principal can alter the object entry's ACS.
None The principal does not have access rights.
You must have control access to the object entry whose ACS is being
modified.
5.2.1 – example
The following command grants read, write, and test access to user smith on node .sales.orion for an object entry named .admin.work_ disk3. dns> add object .admin.work_disk3 access .sales.orion.smith - _> for r, w, t