Netscape MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR Administrator's Manual page 349

Authorization for CMS Users
As you can see, there usually is not a need to include a deny statement. There
might, however, be cases where you would need to specify one. For example, say
that user has just been fired. was a member of the Administrators
JohnB JohnB
Group. You might want to specifically deny access to if you cannot delete
JohnB
the user immediately. Another case might be that you want to set the user
BrianC
up as an administrator, but you do not want him to be able to change some
resource. Since you do want to allow the Administrators group access to this
resource, you could specifically deny access to by creating an ACI that
BrianC
denies this user access.
Operations
When you are creating an ACI, you specify the operation that this ACI is allowing
or denying. To allow or deny access to more than one operator in a single ACI,
select the first operator from the list, and then hold down Ctrl while selecting other
operators.
Syntax
The syntax field of the ACI editor is where you specify the evaluator for the
expression. The ACL feature allows for the evaluator types of group, name, and IP
address. You add one of these along with the name of the entity, separated by
either by (equals) or (does not equal).
= !=
Group Syntax
The syntax for a group is:
to specify that the group named is to be allowed or denied
group="groupname"
access to the operation specified.
to specify that any group except for the group named is to be
group!="groupname"
allowed or denied access to the operation specified.
For example:
group="Administrators"
group!="Auditors"
User Syntax
The syntax for a user is:
to specify that the user ID named is to be allowed or denied access
user="userID"
to the operation specified.
to specify that any user ID except for the user ID named is to be
user!="userID"
allowed or denied access to the operation specified.
Chapter 8 Authorization 349