Domain Administered Information
Access control decisions for an object that is a member of a domain are based on the following criteria:
Object Type
Determines which rules within an access policy apply to an object.
Domain
The domain determines which access control policies apply to an object.
An object's domain and type determine which policy ACLs are associated with the object. The policy ACL, in turn, specifies which participants have permissions for objects that share the same domain and type. The set of permissions is described in
Setting Permissions.