Red Hat DIRECTORY SERVER 7.1 - ADMINISTRATOR Administrator's Manual page 216

Creating ACIs Manually
• Add — Indicates whether users can create an entry. This permission applies
only to the add operation.
• Delete — Indicates whether users can delete an entry. This permission applies
only to the delete operation.
• Search — Indicates whether users can search for the directory data. Users
must have Search and Read rights in order to view the data returned as part
of a search result. This permission applies only to the search operation.
• Compare — Indicates whether the users can compare data they supply with
data stored in the directory. With compare rights, the directory returns a
success or failure message in response to an inquiry, but the user cannot see
the value of the entry or attribute. This permission applies only to the
compare operation.
• Selfwrite — Indicates whether users can add or delete their own DN from a
group. This right is used only for group management.
• Proxy — Indicates whether the specified DN can access the target with the
rights of another entry. For an overview of proxy access, refer to the Red Hat
Directory Server Deployment Guide.
• All — Indicates that the specified DN has all rights (
delete
rights.
Rights are granted independently of one another. This means, for example, that a
user who is granted add rights can create an entry but cannot delete it if delete
rights have not been specifically granted. Therefore, when planning the access
control policy for your directory, you must ensure that you grant rights in a way
that makes sense for users. For example, it doesn't usually make sense to grant
write permission without granting read and search permissions.
216 Red Hat Directory Server Administrator's Guide • May 2005
, , and
compare selfwrite
read
) to the targeted entry, excluding proxy
, , ,
write search