Defining Permissions; Allowing Or Denying Access; Assigning Rights - Netscape DIRECTORY SERVER 6.2 - ADMINISTRATOR Administrator's Manual

aci: (targetattr="*")(targetfilter=(o=NetscapeRoot))(version 3.0;
acl "Default anonymous access"; allow (read, search)
userdn="ldap:///anyone";)
This ACI can apply only to the
The risk associated with these methods is that your directory tree might change in
the future, and you would have to remember to modify this ACI.

Defining Permissions

Permissions specify the type of access you are allowing or denying. You can either
allow or deny permission to perform specific operations in the directory. The
various operations that can be assigned are known as rights.
There are two parts to setting permissions:
•

Allowing or denying access

•

Assigning rights

Allowing or Denying Access
You can either explicitly allow or deny access permissions to your directory
tree. For more guidelines on when to allow and when to deny access, refer to
the Netscape Directory Server Deployment Guide.
NOTE From the Server Console, you cannot explicitly deny access, but
only grant permissions.
Assigning Rights
Rights detail the specific operations a user can perform on directory data. You can
allow or deny all rights, or you can assign one or more of the following rights:
Read. Indicates whether users can read directory data. This permission applies
only to the search operation.
Write. Indicates whether users can modify an entry by adding, modifying, or
deleting attributes. This permission applies to the modify and modrdn operations.
Add. Indicates whether users can create entries. This permission applies only to the
add operation.
entry.
o=NetscapeRoot
Chapter 6
Creating ACIs Manually
Managing Access Control 209