Determining Data Access - Netscape DIRECTORY SERVER 6.0 - DEPLOYMENT Deployment Manual

page of 188

/ 188
Contents
Table of Contents
Bookmarks

Table of Contents

•

Allow an organization's administrator to create and manage entries for that

organization.

This approach makes your organization's administrators your directory

content managers.

•

Create roles that give groups of people read or write access privileges.

For example, you might create roles for human resources, finance, or

accounting. Allow each of these roles to have read access, write access, or both

to the data needed by the group, such as salary information, government

identification number (in the US, social security number), and home phone

numbers and address.

For more information about roles and grouping entries, refer to "Grouping

Directory Entries," on page 70.

As you determine who can write to the data, you may find that multiple

individuals need to have write access to the same information. For example, you

will want an information systems (IS) or directory management group to have

write access to employee passwords. You may also want the employees themselves

to have write access to their own passwords. While you generally must give

multiple people write access to the same information, try to keep this group small

and easy to identify. Keeping the group small helps ensure your data's integrity.

The Netscape Delegated Administrator can be used to provide partitioned account

management and delegate administration responsibility for users to individuals in

different roles across the organization. For more information, contact your

Netscape sales representative.

For information on setting access control for your directory, see Chapter 7,

"Designing a Secure Directory," on page 119.