Table of Contents
Advertisement
aci: (version 3.0; acl "HR"; allow (all) userdn=
"ldap:///cn=HRgroup,ou=example-people,dc=example,dc=com";)
This example assumes that the ACI is added to the
ou=example-people,dc=example,dc=com
From the Console, you can set this permission by doing the following:
On the Directory tab, right click the
1.
node in the left navigation tree, and choose Set Access
example.com
Permissions from the pop-up menu to display the Access Control Manager.
Click New to display the Access Control Editor.
2.
On the Users/Groups tab, in the ACI name field, type "HR". In the list of users
3.
granted access permission, do the following:
Select and remove All Users, then click Add.
a.
The Add Users and Groups dialog box is displayed.
Set the Search area to Users and Groups, and type "HRgroup" in the
b.
Search for field.
This example assumes that you have created an HR group or role. For
more information on groups and roles, see Chapter 5, "Advanced Entry
Management."
Click the Add button to list the HR group in the list of users who are
c.
granted access permission.
Click OK to dismiss the Add Users and Groups dialog box.
d.
On the Rights tab, click the Check All button.
4.
All checkboxes are ticked, except for Proxy rights.
Click OK.
5.
The new ACI is added to the ones listed in the Access Control Manager
window.
Granting Rights to Add and Delete Group Entries
Some organizations want to allow employees to create entries in the tree if it can
increase their efficiency, or if it can contribute to the corporate dynamics.
Access Control Usage Examples
entry.
example.com-people
Chapter 6
Managing Access Control
entry under the
243
Advertisement
Table of Contents
Troubleshooting
Need help?
Do you have a question about the NETSCAPE DIRECTORY SERVER 6.1 - ADMINISTRATOR and is the answer not in the manual?
Questions and answers