Red Hat DIRECTORY SERVER 8.1 - DEPLOYMENT Deployment Manual page 137

attributes that are targeted or by explicitly naming the attributes that are not targeted by the ACI.
Excluding attributes in the target sets a permission for all but a few attributes allowed by an object
class structure.
8.7.1.2. Permissions
Permissions can either allow or deny access. In general, avoid denying permissions (for the reasons explained in Section 8.7.2.2, "Allowing or Denying Access"). Permissions can be any operation performed on the directory service:

| Permission | Description |
|---|---|
| Read | Indicates whether directory data may be read. |
| Write | Indicates whether directory data may be changed or created. This permission also allows directory data to be deleted but not the entry itself. To delete an entire entry, the user must have delete permissions. |
| Search | Indicates whether the directory data can be searched. This differs from the read permission in that read allows directory data to be viewed if it is returned as part of a search operation. For example, if searching for common names is allowed as well as read permission for a person's room number, then the room number can be returned as part of the common name search, but the room number itself cannot be used as the subject of a search. Use this combination to prevent people from searching the directory to see who sits in a particular room. |
| Compare | Indicates whether the data may be used in comparison operations. The compare permission implies the ability to search, but actual directory information is not returned as a result of the search. Instead, a simple Boolean value is returned which indicates whether the compared values match. This is used to match userPassword attribute values during directory authentication. |
| Self-write | Used only for group management. This permission enables a user to add to or delete themselves from a group. |
| Add | Indicates whether child entries can be created. This permission enables a user to create child entries beneath the targeted entry. |
| Delete | Indicates whether an entry can be deleted. This permission enables a user to delete the targeted entry. |
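
The room-number case from the Search and Compare descriptions above, as an added example that is not from the manual: a simplified Python model, not Directory Server's own ACI evaluator. The permission table, the entries and the function names are constructed for illustration.

```python
# Simplified model of the read/search/compare split described above.
# Assumption: this is NOT Directory Server's ACI evaluator; all names
# and data below are constructed for illustration.

# Constructed permission table: attribute -> rights granted to the requester.
GRANTS = {
    "cn": {"read", "search"},
    "roomNumber": {"read"},        # may be returned, may not be searched on
    "userPassword": {"compare"},   # may be matched, values never returned
}

# Constructed sample entries.
ENTRIES = [
    {"cn": "Alice Example", "roomNumber": "2041", "userPassword": "s3cret-A"},
    {"cn": "Bob Example", "roomNumber": "2041", "userPassword": "s3cret-B"},
]

def allowed(attr, right, grants=GRANTS):
    """True if the requester holds `right` on `attr`."""
    return right in grants.get(attr, set())

def search(filter_attr, filter_value, want, grants=GRANTS, entries=ENTRIES):
    """Equality search: the filter attribute needs 'search' and
    every returned attribute needs 'read'."""
    if not allowed(filter_attr, "search", grants):
        return []  # the attribute cannot be the subject of a search
    results = []
    for entry in entries:
        if entry.get(filter_attr) != filter_value:
            continue
        results.append({a: entry[a] for a in want
                        if a in entry and allowed(a, "read", grants)})
    return results

def compare(cn, attr, value, grants=GRANTS, entries=ENTRIES):
    """Return only a Boolean match result, or None when compare is not
    granted; the stored value is never handed back."""
    if not allowed(attr, "compare", grants):
        return None
    return any(e["cn"] == cn and e.get(attr) == value for e in entries)
```

Searching on `cn` returns the room number alongside the name, while a search on `roomNumber` returns nothing, so the requester cannot list who sits in a given room.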