documentation/info_segments/access

 1 06/25/76  Access Isolation Mechanism (AIM)
 2 
 3 A new access control mechanism known as the Access Isolation mechanism has
 4 been added to Multics. This mechanism provides system-wide administrative
 5 control over the access of processes to segments and directories, and over the
 6 propagation of access.
 7   This document briefly describes the purpose and general concepts of this
 8 mechanism.
 9   The current Multics access controls provide (1) rings to protect the
10 operating system from the actions of users, and (2) access control lists to
11 allow users, at their discretion, to grant or deny other users access to
12 segments and directories. The access isolation mechanism satisfies a need for
13 system-wide administrative control over the access of processes to segments and
14 directories.
15   Under the access isolation mechanism, each object in the system
16 (segments, directories, messages in message segments) has an
17 access class. Each process has an access authorization, determined at login
18 time from login options, and from maximum authorizations assigned to each
19 person (e.g., Jones), project (e.g., SUNSPOTS), user ID (e.g.,
20 Jones.SUNSPOTS), and terminal channel. A process may read (or execute or
21 search) an object if the process' authorization is greater than or equal to the
22 object's access class. A process may write (or modify or append to) an object
23 only if the process' authorization is equal to the object's access class.
24 Future help files will detail the rules for determining effective access when
25 using the access isolation mechanism.
26   Access control lists and ring brackets will continue to operate as before.
27 The major visible change is that a process' effective access to an object will
28 be the maximum access given by the ACL, ring brackets, and access class of the
29 object, taken all together. Within the set of objects and processes having
30 identical access classes and authorizations, ACL's still provide access control
31 at the individual user's discretion.
32   Defaults have been designed so that the access isolation mechanism will be
33 invisible to users and projects not wishing to use it.