DDSSEC_ — How to determine if creating a DomainParticipant is allowed

The DomainParticipant Permissions document does not specifically indicate if we are allowed to create a participant in a domain. It indicates which topics are allowed/denied to publish/subscribe/relay. What specifically determines whether we are or are not allowed to create a participant?

Is it simply the presence of a matching 'subject_name' entry?

Modify Table 40 adding detail on the conditions for the access control operations to succeed based on the governance and permissions documents

Add more detailed information to Table 40 (Actions undertaken by the operations of the bulitin AccessControl plugin) in Section 9.4.3.

Describe the precise behavior of the access-control operations for the built-in access control plugin based on the Governance and Permissions documents. Specifically the following aspects should be covered:

• Impact of the existence of Topics in the Governance document that have enable_read_access_control or enable_write_access_control set to FALSE
• Impact of the Publisher/Subscriber partition
• Impact of DataReader/DataWriter Tags

The description of the following operations in Table 40 should be updated with to include the behavior under the aforementioned circumstances:
check_create_participant, check_create_datawriter, check_create_datareader, check_create_topic, check_local_datawriter_register_instance, check_local_datawriter_dispose_instance, check_remote_participant, check_remote_datawriter, check_remote_datareader, check_remote_topic