Table of Contents
Advertisement
Designing Your Directory Tree
Both the enterprise and the hosting organization design their data hierarchies
based on information that is not likely to change often.
Access Control Considerations
Introducing hierarchy into your directory tree can be used to enable certain types
of access control. As with replication, it is easier to group together similar entries
and then administer them from a single branch.
You can also enable the distribution of administration through a hierarchical
directory tree. For example, if you want give an administrator from the marketing
department access to the marketing entries and an administrator from the sales
department access to the sales entries, you can do so through your directory tree
design.
You can set access controls based on the directory content rather than the directory
tree. The ACI filtered target mechanism lets you define a single access control rule
stating that a directory entry has access to all entries containing a particular
attribute value. For example, you could set an ACI filter that gives the sales
administrator access to all the entries containing the attribute
However, ACI filters can be difficult to manage. You must decide which method of
access control is best suited to your directory: organizational branching in your
directory tree hierarchy, ACI filters, or a combination of the two.
66
Netscape Directory Server Deployment Guide • January 2002
.
ou=Sales
Advertisement
Table of Contents
