Table of Contents
Advertisement
Creating ACIs From the Console
Creating ACIs From the Console
You can use the Directory Server Console to view, create, edit, and delete access
control instructions for your directory. This section provides general instructions
for:
•
Displaying the Access Control Editor
•
Viewing Current ACIs
•
Creating a New ACI
•
Editing an ACI
•
Deleting an ACI
See "Access Control Usage Examples," on page 227 for a collection of access control
rules commonly used in Directory Server security policies, along with step-by-step
instructions for using the Directory Server Console to create them.
The Access Control Editor does not enable you to construct some of the more
complex ACIs when you are in Visual editing mode. In particular, from the Access
Control Editor you cannot:
•
Deny access (see "Permissions Syntax," on page 203)
•
Create value-based ACIs (see "Targeting Attribute Values Using LDAP
Filters," on page 198)
•
Define parent access (see "Parent Access (parent Keyword)," on page 207)
•
Create ACIs that contain Boolean bind rules (see "Using Boolean Bind Rules,"
on page 221)
•
Generally, create ACIs that use the following keywords:
authmethod
TIP
222
Netscape Directory Server Administrator's Guide • January 2002
In the Access Control Editor, you can click on the Edit Manually
button at any time to check the LDIF representation of the changes
you make through the graphical interface.
,
,
roledn
userattr
Advertisement
Table of Contents
Need help?
Do you have a question about the NETSCAPE DIRECTORY SERVER 6.01 - ADMINISTRATOR and is the answer not in the manual?
Questions and answers